BREAKING NEWS: Moneris says no ‘critical’ data affected in ransomware gang’s attack

Share post:

The Medusa ransomware group has listed Canada’s Moneris Solutions Corp., a partnership of two of the country’s biggest banks which provides the point of sales IT network and terminals used by retailers across the country. This morning Brett Callow, a Canadian-based threat researcher for Emsisoft, tweeted the news on the X platform. A screen shot of the gangs’ blog says it is demanding $6 million for the deletion of stolen data, or the information will be publicly released in eight days.

In a statement responding to a query from IT World Canada, Darren Leroux, Moneris’ director of communications, said that “we can confirm that an attempt was made by an external party and our cybersecurity team prevented access to any critical data. Following the attempt, our team did a full audit and analysis of the incident, reviewed all information, and concluded none of our digital loss prevention policies were triggered.

“Cybersecurity is a top Moneris priority, and we take the protection of our customers and their data seriously. We employ a dedicated team to manage and respond to cyber risks and their swift actions ensured Moneris and its customers were not impacted.”

Moneris was asked to clarify its statement that no “critical” data was accessed by the attacker. The gang has posted what it says are screenshots of stolen Moneris data. Asked about the Moneris statement, Callow said it’s possible Medusa got nothing, so listing Moneris is an attempt to “shake down” the company. “This wouldn’t be the first time Medusa has listed a victim and never produced proof of the attack. That has happened before. They may simply hope that by listing an organization they may pay up, because it’s not always easy to conclusively rule out the possibility that data was taken. Sometimes [threat] groups will try to leverage that to their advantage by claiming to have data they do not [have].” Moneris is a joint venture between the Royal Bank and the Bank of Montreal. It says more than 325,000 retailers, tradespeople, and businesses are connected to the Moneris network for wired or wireless processing of credit and debit card or business-to-business transactions. The company also offers a full e-commerce solution for retailers based on the Wix platform. That allows retailers to offer customers the ability to pay using a digital wallet or eGift cards. Among the Medusa gang’s latest victims are the Philippine Health Insurance Corporation, which in September was asked to pay US$300,000 for decryption keys to unscramble compromised data and the deletion of stolen data; the Minneapolis Public School System, which in February was asked to pay US$1,000,000 to delete data the gang stole. In May that data — including students’ psychological reports — was published. Earlier this month, Medusa also claimed to have attacked the Canadian Psychological Association and is demanding $200,000 for the deletion of stolen data. IT World Canada asked the CPA for comment on Nov. 5, but received no response. The Medusa gang is a separate group from those running the MedusaLocker ransomware operation. The post BREAKING NEWS: Moneris says no ‘critical’ data affected in ransomware gang’s attack first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for Friday, December 1, 2023

This episode features a discussion on ransomware, the latest explanation from Okta of a support hack and a survey of infosec pros whose firms w

Cyber Security Today, Dec. 1, 2023 podcast – More on compromises

This episode reports on the sanctioning of the Sinbad crypto mixe

All Okta customer support users had their email addresses copied

Identity and access provider Okta now says the threat actor who accessed its customer help desk system last month got the names and email addresses of all contacts of organizations that use its support system. Originally, the company said that, after an investigation, it determined only one per cent of the contacts from its 18,000

Failure of technology to detect attacks is a prime cause of breaches: Survey

Despite the money being poured into cybersecurity by IT departments, the leading cause of breaches of security controls was the failure of technology to detect an attack, a new survey from Trellix suggests. Forty-two per cent of respondents to the international survey of infosec leaders whose organization had suffered a recent cyber attack said their

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways