Gang says it stole more Air Canada data than the company admits

Share post:

The BianLian ransomware gang says Air Canada hasn’t been forthright about the amount of data it stole in last month’s cyber attack.

Last month the airline said an attacker “briefly obtained limited access to an internal Air Canada system related to limited personal information of some employees and certain records.” The statement didn’t say how much data was copied.

But this week, in an attempt to pressure the airline, the gang said on its data leak site the company “is only telling half-truths. Employee personal data is only a small fraction of the valuable data over which they have lost control. For example, we have SQL databases with company technical and security issues.”

The gang alleges it has Air Canada technical and operational data from 2008 through 2023, information on the company’s technical and security issues, SQL backups, and unspecified confidential documents as well as employee personal data.

As proof it posted a screenshot of alleged stolen file names, and samples are available for viewing.

Brett Callow, a British Columbia-based threat analyst for Emsisoft who re-posted the gang’s message on X, doesn’t know if the listed data is really from Air Canada.

IT World Canada has asked the airline for comment.

The gang also is trying to put itself in a good light, saying it didn’t install ransomware, only stole data. “Realizing the potential damage we did not cause any damage to [Air Canada’s] infrastructure or internal resources, data exfiltration operation only,” the message says.

Like many other ransomware gangs, BianLian has a double extortion strategy, copying data and threatening to sell or give it away as well as encrypting as many servers as it can. Organizations are then squeezed to pay up to get the stolen data back as well as to get decryption keys.

However, Callow said, since late last year it has stopped encrypting victims’ data and is focusing on information theft. Or, he added, it may still be doing ransomware attacks but under a different name.

There may be several reasons for the shift in strategy, he said: The gang may believe overseeing encryption code and managing decryption keys “is not necessary to make a profit.” It may also hope that merely stealing data makes the gang less of a target for law enforcement, which gets active in high-profile attacks. And BianLian may hope that organizations have “less of a moral objection” to paying what is perceived as strictly a criminal group as opposed to a ransomware gang.

However, Callow agreed, paying a criminal group a ransom still encourages cyber attacks.

The post Gang says it stole more Air Canada data than the company admits first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

AT&T Fined $13 Million for Supply Chain Data Breach

AT&T has agreed to pay a $13 million fine following a significant data breach that exposed information of...

Supply Chain Attack Weaponizes Communication Devices in Lebanon

A sophisticated supply chain attack has turned everyday communication devices into weapons in Lebanon, marking a new era...

Chinese Botnet “Raptor Train” Infects 260,000 Devices Worldwide

A massive Chinese botnet dubbed "Raptor Train" has been disrupted by the FBI and cybersecurity researchers. This sophisticated...

Multi-year spear-phishing campaign finally caught

U.S. federal prosecutors have indicted Wu Song, a Chinese national employed by state-owned Aviation Industry Corporation of China,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways