Canadian food giant refuses to pay ransom after gang threatens data leak

Canadian food giant Maple Leaf Foods said it has refused to pay a ransom after suffering a ransomware attack earlier this month.

The billion-dollar packaged meat company told The Record that it was able to quickly and safely restore their systems after implementing business continuity plans following a system outage caused by a cyberattack in early November. All of their plants continued to operate in spite of the attack. 

“Unfortunately, we know that the people behind this incident were able to gain unauthorized access to some of our data, and they are threatening to release it unless we pay a ransom, which we will not do,” a spokesperson told The Record. 

“We’re sorry this occurred and apologize for the frustration and challenges it may cause. We have invested significant resources into the security of our systems and take the confidentiality and security of the information in our possession very seriously.”  

The company said it is providing employees affected by the incident with two years of credit monitoring services

The spokesperson said they are “asking responsible people… not to entertain any ‘leads’ they get from stolen or compromised data and not to contact anyone based on illegally obtained information.”

In its previous statement on November 6, the company said it hired a cybersecurity firm and recovery experts to help with the response. They said they were working with all customers and suppliers to “minimize these disruptions in order to continue delivering the nutritious food people need.”

On Thursday, the Black Basta ransomware group took credit for the attack, posting the company on its leak site and sharing troves of stolen business information that included contracts and invoices. 

Earlier this month, cybersecurity researchers from SentinelOne said they uncovered evidence tying the long-running cybercrime cartel FIN7 to the ransomware operation following high-profile attacks on the American Dental Association and German wind farm operator Deutsche Windtechnik

The ransomware emerged in April and quickly racked up more than 90 attacks on organizations by September. 

“The rapidity and volume of attacks prove that the actors behind Black Basta are well-organized and well-resourced, and yet there has been no indications of Black Basta attempting to recruit affiliates or advertising as a RaaS on the usual darknet forums or crimeware marketplaces,” the researchers said. 

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.