CMMC shuts down its mill after suffering a ransomware attack

January 10, 2023

Canadian Copper Mountain Mining Corporation (CMMC), a mining firm in British Columbia, Canada, disclosed that it was the target of a ransomware campaign that crippled its operations.

Mitsubishi Materials Corp partly owns the Canadian Copper Mountain Mining Corporation. Based on reports, the mine covers approximately 18,000 acres and produces an average of 4 billion kilograms of copper per year. Experts estimate that the mining company has mineral reserves for another three decades.

According to investigations, the cybercriminal incident targeting the firm happened in the last weeks of December last year. The Canadian mining company’s Information Technology team responded immediately by executing its predefined risk management systems and commands.

CMMC segregated the infected systems to mitigate the damage of the attack.

CMMC’s security team isolated the compromised systems and shut down other parts of the network to contain the incident and determine the overall effect of the ransomware attack.

CMMC’s cybersecurity engineers had to shut down the mill as a precautionary measure while they evaluated the status of its control systems. Other CMMC services resorted to the standard pen-and-paper operation.

According to the company’s announcement on its website, its internal and external IT teams continue to assess risks and are establishing additional security protocols to reduce the risk to its systems.

Furthermore, CMMC has reached out to relevant authorities to assist in investigating the source of the cybercriminal act. Fortunately, the company’s announcement did not state that the attack compromised the safety measures or caused any environmental hazard.

Currently, the company is prioritising the return to its standard operations to limit the financial impact of the attack.

A separate researcher discovered that a threat actor sold an account credential belonging to a company employee on an underground marketplace last month. Hence, the attackers may have purchased the credential to establish a foothold in CMMC’s network.

Lastly, the attack date and the date of the credential posting are close together, which increases the chances that the attack against the company was carried out by the threat actor who bought the credentials.
