The Resort Municipality of Whistler suffered a ransomware attack that knocked its network, email, website, and phone systems offline. Online operations and some in-person activities were suspended.
In a statement previously posted on the Whistler.ca website, the resort explained, “April 28, 2021: Whistler, B.C. – The Resort Municipality of Whistler (RMOW) has temporarily suspended all online and some in-person services as a precautionary measure due to a cyber security incident. This means RMOW email, phones, network services, and website are currently unavailable. In-person service at municipal hall has also been temporarily suspended. We apologize for this inconvenience and will provide an update when we are able to return those services.”
Usually, during ransomware attacks, websites go offline but are not necessarily repurposed by the threat groups for communication. This particular threat group took over the website and displayed a temporary message: “Site is under construction. Sorry. Contact to support in chat please.” This was followed by a link to their dark web site, which hosted the chat being referenced.
The chat read “Talk with support. We can decrypt your data and burn out your leaked files.” The offer to decrypt data and to destroy leaked files tells us the threat actors not only encrypted data but also exfiltrated some unencrypted data.
This combination of encryption and exfiltration has been common among ransomware attacks lately. However, according to BleepingComputer and some security researchers, this dark web site has not been seen before, which may point to a new ransomware variant or operation.
SpearTip’s security engineers stay current with the latest developments in the threat landscape. We understand how quickly operations and methods can change among threat actors, and we have dedicated team members who analyze malware in an effort to stop persistent threats.
As the employees and owner of the Whistler Resort suddenly realized, threat actors will attack organizations in any industry. If you don’t have cyber protection services like those we offer, it’s only a matter of time before threat actors target your business. Don’t give them the ability to do it. Allow our team to stop them dead in their tracks.
Our team continuously monitors environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This gives your organization direct communication with our engineers at any moment and a completely transparent view of your risk profile.
If you think your organization has been breached, call our Security Operations Center at 833.997.7327.