Canadian mining firm shuts down mill after ransomware attack

Canadian mining firm shuts down mill after ransomware attack

The Canadian Copper Mountain Mining Corporation (CMMC) in British Columbia has announced that it was the target of a ransomware attack that impacted its operations.

CMMC, partly owned by Mitsubishi Materials Corporation, is an 18,000-acre claim that produces an average of 100 million pounds of copper per year and has an estimated mineral reserve capacity for another 32 years.

The cyberattack targeting the company occurred late on December 27, 2022, and the firm’s IT team responded quickly by implementing the predefined risk management systems and protocols.

To contain the incident, CMMC isolated the infected systems and took down other parts to examine them thoroughly and determine the ransomware attack’s impact.

CMMC’s engineers had to shut down the mill as a preventative measure to determine the status of its control system, while other processes switched to manual operations.

“The Company’s external and internal IT teams are continuing to assess risks and are actively establishing additional safeguards to mitigate any further risk to the Company,” reads the announcement on CMMC’s website.

“Copper Mountain is investigating the source of the attack and is in contact with the relevant authorities, who are assisting the Company” – Canadian Copper Mountain Mining Corporation

CMMC’s announcement clarifies that the cybersecurity incident did not compromise the safety measures or cause any kind of environmental damage.

The company’s main priority at this time is to return to normal operations as soon as possible, limiting the financial impact of the incident.

An interesting detail discovered by BleepingComputer with the help of cyber-intelligence firm KELA is that a cybercriminal offered to sell account credentials belonging to a CMMC employee on a hacker marketplace on December 13, 2022.

Given the close dates between the credential being offered for sale and the disclosure of the ransomware attack, it is likely that that hackers used a compromised account to gain a foothold on the company’s network.

Source link