Ransomware gang says it has hit International Joint Commission

Share post:

The NoEscape ransomware gang claims it has struck the International Joint Commission (IJC), a U.S.-Canadian body that oversees the shared lake and river systems along the border between the two countries.

Logo of the International Joint Commission

On its data leak site, the gang claims to have copied 80GB of commission data, including confidential and legal documents as well as personal information of commission employees, and is threatening to release them unless it is paid.

The U.S. and Canadian offices of the commission were asked Monday evening for comment. No response was received by press time Tuesday morning.

Members of the IJC are appointed by Washington and Ottawa, although they are expected to act independently of their governments. The agency’s job is to prevent and resolve disputes between the two countries under the 1909 Boundary Waters Treaty, but it also reports on air pollution.

“The IJC network was successfully encrypted and compromised,” the gang’s statement says. “We have 80 GB of data, namely: Confidential documents, legal documents, personal information of members and employees, memorandum, conflict of interest documents, hundreds of contracts, geological documents, banking, finance, insurance and much other confidential and sensitive information.

“If management continues to remain silent and does not take the step to negotiate with us, all data will be published. we have more than 50,000 confidential files, and if they become public, a new wave of problems will be colossal. For now we will not disclose this data or operate with it. But if you continue to lie further you know what awaits you.

“Assign a person to the position of negotiator and tell him to contact us. We will explain everything and help solve this problem.

“Time is running out”

A copy of the notice was posted Monday on X by Brett Callow, a British Columbia-based threat researcher for Emsisoft.

The commission publishes a number of publicly available documents such as annual reports, reports of public meetings, maps, and recommendations on keeping waters between the two countries clean for people and fish.

According to researchers at Quarum Cyber, NoEscape is a ransomware-as-a-service operation that was announced May 22 on dark web forums. The gang has an affiliate program that allows approved third-parties to install NoEscape on IT systems for a fee. According to researchers at Sentinel One, an affiliate gets 90 per cent of any collected ransom over US$3 million. The split varies with the ransom paid. If the ransom paid is US$1 million the affiliate gets 80 per cent.

Affiliates have access to a management panel that allows them to monitor and manipulate their ransomware campaigns, SentinelOne says. The panel offers automated updates to the gang’s TOR-based leak blog, a private chat room for communicating with victims, several communications channels, and 24/7 support if the affiliate buys a software licence

The gang claims its code has been written from scratch, without recycling code from previous malware samples or ransomware products. But according to a report on Bleeping Computer,  NoEscape is believed to be a rebrand of Avaddon, a ransomware gang that shut down and released its decryption keys in 2021.

According to a ransomware report released last week by the U.K. National Cyber Security Centre, most ransomware incidents are not targeted, but are the result of a threat actor taking advantage of an opportunity — for example, discovering an organization has an unpatched server or buying a stolen or cracked password from another threat actor.

“Most ransomware incidents are not due to sophisticated attack techniques,” the report adds, “but are usually the result of poor cyber hygiene. That’s not to say that victims did not take cyber security seriously; modern IT estates are exceptionally complex, particularly for organizations that have undergone acquisitions and mergers, and security controls can be difficult to implement effectively across complex environments.

“Poor cyber hygiene can include unpatched devices, poor password protection, or lack of multi-factor authentication (MFA). Remedying these are not silver bullets, but implementing such measures would interrupt the majority of ransomware attacks. MFA in particular is often not in place, which enables many ransomware attacks to be successful.”

The post Ransomware gang says it has hit International Joint Commission first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for the week ending Friday, Sept. 29, 2023

This episode features discussion on October Security Awareness Month, ransomware, teenage hackers and the start of hearings into proposed Canadian privacy a

Admins urged to quickly patch holes in WS_FTP file transfer server

This is the fourth file transfer application -- and the second from Progress Software -- to recently face critical vulne

Cyber Security Today, Sept. 29, 2023 – Protect your routers from this attacker, new open-source malware packages found, and more

This episode reports on a China-based group that specializes in hacking branch office routers of major

Champagne squeezed to produce proposed amendments on privacy, AI bills

Opposition gives government five business days to produce proposed

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways