The ALPHV/BlackCat ransomware group has claimed responsibility for hacking into the internal network of Canada’s Trans-Northern Pipelines, one of the country’s vital oil and natural gas pipelines. The group announced that it stole nearly 200 gigabytes of data from the Ontario-based company.
Trans-Northern Pipelines (TNPI) plays a crucial role in Canada’s energy infrastructure, transporting refined petroleum products like gasoline, diesel fuel, aviation fuel, and heating fuel between Montreal, Quebec, and Toronto, Ontario.
The ransomware group’s claim was shared by cybersecurity researcher Brett Callow, who posted a screenshot on Twitter showing the group’s announcement about the stolen data being made public.
TNPI initially refrained from commenting on the ransomware group’s claims. However, a company spokesperson later confirmed to The Register that TNPI experienced a cybersecurity incident in November 2023, affecting a limited number of internal computer systems. The incident was swiftly contained with the assistance of third-party cybersecurity experts.
Lisa Dornan, TNPI’s communications team leader, assured that the pipeline operations remained unaffected by the incident, with no unusual interruptions reported.
Brett Callow highlighted the ALPHV ransomware group’s previous connection to the DarkSide ransomware group, notorious for the successful attack on Colonial Pipeline in 2021. The attack on Colonial Pipeline prompted a temporary shutdown of operations and a $5 million ransom payment to restore services.
Rebecca Moody, Head of Data Research at Comparitech, underscored the potential consequences of ransomware attacks on utilities organizations, citing the Colonial Pipeline incident. Moody emphasized the need to assess the impact of the alleged attack on Trans-Northern Pipelines and determine if any data has been compromised.
