In August 2022, Bombardier Recreational Products Inc. (BRP) fell victim to a ransomware attack executed by the RansomEXX gang, which severely disrupted its operations for multiple days. Initially, BRP acknowledged the incident as malicious cyberactivity and implemented containment measures. However, it was later confirmed that an unauthorized third party had accessed and leaked sensitive data on the dark web. The breach involved 29.9GB of stolen files, including non-disclosure agreements, passports, IDs, contracts, and supply agreements compromising both employee and supplier information.The attack not only exposed critical internal and third-party data but also caused operational paralysis, halting business functions temporarily. The leaked data posed significant risks, including potential fraud, reputational damage, and legal repercussions due to the exposure of personally identifiable information (PII) and confidential business documents. The incident underscored the severe consequences of ransomware-driven data exfiltration, particularly when combined with operational disruption and the public disclosure of sensitive corporate and personal records.
Source: https://ics-cert.kaspersky.com/publications/reports/2023/03/15/h2-2022-brief-overview-of-main-incidents-in-industrial-cybersecurity/">https://ir.brp.com/news-releases/news-release-details/brp-reports-cyberattack
TPRM report: https://www.rankiteo.com/company/brp
"id": "brp236092125",
"linkid": "brp",
"type": "Ransomware",
"date": "8/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'recreational vehicles (e.g., snowmobiles, '
'ATVs, jet skis)',
'location': 'Canada (headquartered in Valcourt, '
'Quebec)',
'name': 'Bombardier Recreational Products Inc. (BRP)',
'type': 'corporation'}],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['PDF',
'DOCX',
'XLSX',
'TXT',
'IMG (assumed)'],
'personally_identifiable_information': True,
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['personal data (passports, IDs)',
'corporate data (NDAs, '
'contracts, supply agreements)']},
'date_detected': '2022-08',
'date_publicly_disclosed': '2022-08',
'description': 'In August 2022, Bombardier Recreational Products Inc. (BRP) '
'experienced a ransomware attack that disrupted operations for '
'multiple days. The attack involved unauthorized access to '
'employee and supplier data, which was later leaked on the '
'dark web by the RansomEXX gang. Stolen data included 29.9GB '
'of files such as non-disclosure agreements, passports, IDs, '
'contracts, and supply agreements.',
'impact': {'data_compromised': ['non-disclosure agreements',
'passports',
'IDs',
'contracts',
'supply agreements'],
'downtime': 'multiple days',
'identity_theft_risk': 'high (passports, IDs exposed)',
'operational_impact': 'operations crippled'},
'initial_access_broker': {'data_sold_on_dark_web': True,
'high_value_targets': ['employee data',
'supplier agreements',
'corporate contracts']},
'motivation': 'financial (ransom), data theft',
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'RansomEXX'},
'references': [{'source': 'Public disclosure by BRP (August 2022)'}],
'response': {'communication_strategy': 'public disclosure of breach and data '
'leak',
'containment_measures': 'immediate measures taken (unspecified)',
'incident_response_plan_activated': True},
'threat_actor': 'RansomEXX',
'title': 'Ransomware Attack on Bombardier Recreational Products Inc. (BRP)',
'type': 'ransomware'}