Resort Municipality of Whistler (RMOW) as suffered a cyberattack by a new ransomware operation.
The attack forced them to shut down their network, website, email, and phone systems and thus they had to suspend all online activities and certain in-person municipality activities.
Even the Whistler.ca website was hacked to display a message stating that the site was under construction and that visitors should contact support at an included Tor dark web URL.
The URL also lead to a dark web chat site used by the attackers to negotiate a ransom payment with Whistler and to prevent the leaking of stolen files.
The group reportedly stole the personal information (names, addresses) sql databases, stats, huge email dumps, emails database, passwords, network scheme, services, private documents of about 800 gb that were to be placed on darknet auction and sold in next 7 days.
TPRM report: https://scoringcyber.rankiteo.com/company/rmowhistler
"id": "res225171222",
"linkid": "rmowhistler",
"type": "Ransomware",
"date": "04/2021",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Municipal Services',
'location': 'Whistler, Canada',
'name': 'Resort Municipality of Whistler (RMOW)',
'type': 'Government'}],
'attack_vector': 'Network intrusion',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal information',
'SQL databases',
'Email dumps',
'Passwords',
'Network scheme',
'Private documents']},
'description': 'The Resort Municipality of Whistler (RMOW) suffered a '
'cyberattack by a new ransomware operation, forcing them to '
'shut down their network, website, email, and phone systems. '
'The attackers also stole personal information and other '
'sensitive data, threatening to leak it if a ransom was not '
'paid.',
'impact': {'data_compromised': ['Personal information (names, addresses)',
'SQL databases',
'Email dumps',
'Passwords',
'Network scheme',
'Private documents'],
'downtime': ['All online activities',
'Certain in-person municipality activities'],
'systems_affected': ['Network',
'Website',
'Email',
'Phone systems']},
'initial_access_broker': {'data_sold_on_dark_web': True},
'motivation': 'Financial gain',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransomware_strain': 'New ransomware operation'},
'response': {'containment_measures': ['Shut down network, website, email, and '
'phone systems']},
'title': 'Cyberattack on Resort Municipality of Whistler',
'type': 'Ransomware'}