Manitoba insurance agency admits it was hit by ransomware

A Manitoba-based insurance agency serving Western Canada has confirmed it was recently hit by ransomware after the gang behind the attack publicized the incident because the firm refused to pay up.

Andrew Agencies of Virden, Man., told several news services including the CBC and CTV it had been hit. CTV quoted Dave Schioler, the executive vice-president and general counsel as saying there is no evidence sensitive personal information or data being stolen or compromised.

“We can advise that the incident has had minimal impact on our operations,” he said.

He is quoted as telling the news agency that his firm didn’t pay a ransom.

According to the CBC, Andrew Agencies was among the first companies outed by the group behind the Maze ransomware which has promised to publicize the names of organizations that refuse to pay to get decryption keys to unlock data and to publicly release sensitive data it has stolen. The group says its version of ransomware includes data-stealing as well as encryption capabilities.

Andrew Agencies has 18 offices in Manitoba, Saskatchewan and Alberta.

Bleeping Computer says the Maze group told it by email that Andrew Agencies was attacked on October 21st and encrypted  245 computers. As “proof” of the attack, the news site says, it was sent a list of 245 encrypted computers, their IP addresses, computer names, and sizes of the data encrypted by the ransomware.

The news site also says the person it communicated with released a text file containing a list of 876 user names and hashed passwords for users on the network. Depending on the quality of the system used by the insurance agency, the hashes may be safe.

Maze told BleepingComputer that the ransom amount was $1.1 million, or 150 bitcoins. The insurance agency, it says, had some communications with the attackers but then stopped responding. The attackers said their deadline for receiving the ransom was the end of November.

Earlier this week incident response expert Ed Dubrovsky told IT World Canada that the Maze group has the ability to steal some data before encrypting a victim’s systems, but usually nowhere near as much as it often claims. However, he added, it would have enough stolen data to be damaging.

The fact that the insurance agency didn’t publicly confirm it was hit by ransomware until news reports emerged raises questions about the effectiveness of changes to Canada’s recent privacy law. The changes to the Personal Information Protection and Electronic Documents Act (PIPEDA), oblige organizations to notify victims and the federal privacy commissioner if there is a breach of security controls that would result in a “real risk of serious harm” to individuals. That would cover certain data copied by an attacker.

While Maze threatens to release “databases and private papers” belonging to the Manitoba firm and other victims, CTV quoted Andrews Agencies lawyer as saying the firm has no evidence that “sensitive” personal details had been jeopardized.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Article

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows that as the demand for skilled workers...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now