February 14, 2024 at 10:31AM
Trans-Northern Pipelines (TNPI) confirmed a November 2023 breach in their internal network and is investigating data theft by the ALPHV/BlackCat ransomware gang. Operating 850km in Ontario-Quebec and 320km in Alberta, the company transports petroleum products while facing cybersecurity challenges. ALPHV, formerly DarkSide and BlackMatter, has been linked to numerous global breaches and ransom payments.
Key Takeaways from the Meeting Notes:
– Trans-Northern Pipelines (TNPI) experienced a cybersecurity breach in November 2023, leading to an investigation of data theft claims by the ALPHV/BlackCat ransomware gang.
– TNPI’s internal network was compromised, affecting a limited number of internal computer systems, and the incident is being investigated. Third-party cybersecurity experts were involved, and the breach was quickly contained.
– TNPI continues to safely operate its pipeline systems, consisting of 850 kilometers in Ontario-Quebec and 320 kilometers in Alberta, transporting refined petroleum products daily, including gasoline, diesel fuel, aviation fuel, and heating fuel from refineries to distribution terminals.
– The ALPHV ransomware group claims to have stolen 183GB of documents from TNPI and posted them on the dark web, along with contact information for TNPI employees.
– The ALPHV/BlackCat ransomware gang, previously known as DarkSide and BlackMatter, has a history of extensive cybercrime activities, including 60 breaches against organizations worldwide from November 2021 to March 2022.
– ALPHV has received nearly $300 million in ransom payments from over 1,000 victims until September 2023, prompting FBI intervention, which temporarily disrupted their operation. However, the ransomware gang has since re-emerged and launched a new Tor URL that the FBI can’t take down.
These takeaways summarize the details related to the TNPI cybersecurity breach, the actions taken by the ransomware group, and the broader context of ALPHV/BlackCat’s criminal activities.