The organization responsible for managing lake and river systems along the U.S.-Canada border for the past hundred years announced Wednesday that it suffered a cyberattack following reports that ransomware hackers were claiming having stolen tons of data.
The International Joint Commission (IJC), guided by the 1909 Boundary Waters Treaty signed by the two countries, approves projects that affect water levels and flows across the border, studies transboundary problems and proposes solutions.
Monday, the NoEscape ransomware gang claims he attacked the organization – which has offices in Washington, DC, Ottawa and Windsor – and stole 80 GB of contracts, geological records, conflict of interest forms and much more.
#No leak listed the International Joint Commission. #Ransomware 1/3 pic.twitter.com/MCQzSCbmUS
– Brett Callow (@BrettCallow) September 11, 2023
The gang gave the CMI 10 days to respond to its ransom demand. The group did not say how much money it was demanding to unlock the files.
On Wednesday, an ICJ spokesperson confirmed it was facing a cybersecurity issue, but declined to say whether law enforcement had been contacted or whether the organization was facing operational issues.
“The International Joint Commission experienced a cybersecurity incident,” a spokesperson said. “The organization is taking steps to investigate and resolve the situation.”
They did not respond to requests for comment on the ransom payment.
Since emerging in May, NoEscape hackers have taken credit for attacks on the German network. bar And Hawaii Community College as well as Australian businessesa hospital in Belgium, a manufacturing company in the United States and another manufacturing company in the Netherlands.
Organizations like the International Joint Commission and others focused on water systems management or legislation have become a battlefield for cybersecurity regulation this year. State lawmakers and federal regulators are currently in court over rules passed by the Environmental Protection Agency (EPA) in March that adds cybersecurity to the state’s annual audits of public water systems.
This week, the Cybersecurity and Infrastructure Security Agency (CISA) announced it would offer drinking water and wastewater systems. free vulnerability scanning services.
Water systems can be subject to weekly automated scans which will provide a report on known vulnerabilities found on internet accessible assets, weekly comparisons and mitigation measures.
“Drinking water and sewer systems are vital to the well-being of our community,” CISA said. “But they are not immune to cyberattacks.”
Future saved
Intelligence cloud.
Jonathan Greig
Jonathan Greig is a breaking news reporter at Recorded Future News. Jonathan has worked as a journalist around the world since 2014. Before returning to New York, he worked for media outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.