Ontario construction firm victim of ransomware attack

A multi-million dollar Ontario construction firm that has worked on major federal and provincial projects including facilities for national defence and police stations has been hit by a ransomware attack.

According to CBC News, Bird Construction of Mississauga, Ont., acknowledged that it was recently victimized, but didn’t give any details.

“Bird Construction responded to a cyber incident that resulted in the encryption of company files,” the CBC quoted an unnamed company spokesperson as saying. “Bird continued to function with no business impact, and we worked with leading cybersecurity experts to restore access to the affected files.”

IT World Canada has been trying unsuccessfully to get hold of the company.


Phishing campaign continues to mimic Canada’s biggest banks online

Brett Callow,  a British Columbia-based security analyst with the anti-virus software firm Emsisoft, told IT World Canada that in December the group behind the Maze ransomware posted a note on its site that it had infected the construction company’s systems. The Maze group includes data theft among its strategies, using the threat of releasing some data to pressure victims into paying up. That December note was one of a list of companies Maze said hadn’t co-operated, so their data might be released.

It isn’t clear from the company’s statement if it paid a ransom. But Callow said that for a brief period of time the employee records of a few Bird Construction employees — including their social insurance numbers — were posted on the Maze site. In addition, a document from Calgary-based Suncor Energy that didn’t have personally identifiable information was briefly published by Maze.

“It’s not at all unlikely that the actors are still in possession of the data,” Callow said in an email. “Even if Bird paid the ransom, it seems likely that the criminals would retain the data as they are able to use or monetize at a later date.”

Callow added he has major concerns around the exfiltration and blackmail tactics that are being deployed.

“Based on what we see, it seems many companies are quietly paying ransoms and then making no form of disclosure (the U.K. press is currently looking into another case). And, of course, that means employees and customers do not find out that their data has been exposed and so do not know that they should take action,” he explained.

For its fiscal year ending December 2018 Bird Construction had operating revenue of $1.3 billion and a net loss of $1 million. The fiscal 2019 results haven’t been announced yet. In November the company recorded a third-quarter net income of $6.8 million on construction revenue of $378 million. In December the company said it had signed a subcontract with the consortium building the second stage of an extension of Ottawa’s light rail transit line. Its job will be to build seven of the 16 stations and a light maintenance and storage facility. No value for that contract was announced.

Over the years Bird Construction has built or been part of consortiums for a number of facilities across Canada, some of them which could be considered sensitive. These include the $263 million RCMP’s southern B.C. headquarters in Surrey; 18 facilities for the Ontario Provincial Police, an aircraft maintenance hangar for Canadian Force base at Trenton, Ont.; and the $104 million expansion of helicopter facilities at the air force base in Dartmouth, Nova Scotia.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs