Canadian military patch
Image: Canadian military / Cpl. Jeffrey Clement, Joint Task Force-Ukraine

Canadian military: Ransomware attack on contractor didn’t touch defense systems

Canada’s defense department confirmed Thursday that its systems were not affected by a ransomware attack on engineering giant Black & McDonald.

Black & McDonald did not respond to repeated requests for comment, but a spokesperson for Canada’s Department of National Defence told The Record that it was aware of a ransomware attack on the company.

The spokesperson explained that Black & McDonald is the parent company of Canadian Base Operators, which holds several contracts with the Department of National Defence for facilities management and logistical support services.

“Defence Construction Canada (DCC) manages some of these contracts on behalf of DND. For most of these types of contracts, the contractor does not have any direct access to DND networks and sites,” the spokesperson said.

“At this time, there is no evidence of any effects on DCC systems or files, nor on DND/CAF operations or security, as a result of this incident. Once DCC was informed of the incident, it blocked all incoming emails from Black & McDonald out of an abundance of caution and conducted business by phone or in person.”

The spokesperson added that email communication later resumed between the Department of National Defence and the contractor once the company was able to restore its email system.

The spokesperson said the Department of National Defence was notified on February 10.

Black & McDonald also has contracts with the Toronto Transit Commission and Ontario Power Generation — both of which told The Canadian Press they were informed by the company about the ransomware incident.

The engineering firm has 5,500 employees across 35 offices in North America and reported sales of $1.5 billion last year. It has multimillion-dollar contracts with governments across Canada and several with the military.

No ransomware group has come forward to claim the attack as of Thursday.

Canada has already faced at least three headline-grabbing ransomware attacks this year. The LockBit ransomware group caused outrage at the beginning of the year with a devastating attack on the country’s largest children's hospital.

A ransomware attack on the main energy provider for Canada’s largest and northernmost territory occurred in January and the country’s biggest bookseller Indigo struggled for weeks to recover from an incident last month.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
What is Threat Intelligence
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.