Canadian banking tech giant Moneris says it prevented ransomware attack

A technology company created by two of Canada’s largest banks said it stopped a recent ransomware attack.

Toronto-based Moneris was listed Monday on a cybercrime group’s data leak site, but in a statement to Recorded Future News, a company spokesperson said its cybersecurity team “prevented access to critical data and no ransom request was made.”

The Medusa ransomware gang claimed Monday morning that it attacked the company, giving it nine days to pay a $6 million ransom to either download or delete the data.

An outside party did attempt to breach Moneris’ networks, but “our team did a full audit and analysis of the incident, reviewed all information, and concluded none of our Digital Loss Prevention policies were triggered,” the spokesperson said.

Moneris did not say when the attempt occurred. It did not respond to questions about whether it might have paid a ransom.

The company is a joint venture of the Royal Bank of Canada and Bank of Montreal. It has quickly become the largest payment processor in Canada, handling transactions at more than 325,000 merchant locations across the country.

“Cybersecurity is a top Moneris priority, and we take the protection of our customers and their data seriously,” the spokesperson said. “We employ a dedicated team to manage and respond to cyber risks and their swift actions ensured Moneris and its customers were not impacted.”

Moneris reported system outages in September that affected dozens of businesses across Canada.

The Medusa gang has been behind several high-profile attacks in 2023, including incidents that affected an Italian company that provides drinking water to nearly half a million people, one of the largest school districts in Minnesota, the French town of Sartrouville, Tonga’s state-owned telecommunications company and most recently the government organization that manages the universal healthcare system of the Philippines.

Ransomware gangs have made a point of going after financial system infrastructure in recent weeks, with one prominent gang launching a damaging attack last week on the Industrial and Commercial Bank of China (ICBC).

ICBC confirmed that attack in a notice over the weekend. Reuters reported that the LockBit ransomware group claimed the massive Chinese bank paid an undisclosed ransom.

The attack disrupted trades in the U.S. Treasury market and left the bank’s U.S. arm in debt to another bank for over $9 billion. The bank was forced to use USB sticks and temporary Gmail accounts to conduct business during the attack.

Correction, 5:20 p.m. November 13: Removed a reference to a Cybersecurity and Infrastructure Security Agency report that was about an unrelated group.