The outdoor store chain La Cordée has been the victim of a “cyber incident” since Wednesday that is affecting its payment systems, its internet network and its telephone system.
In an interview with La Presse, the president of the chain, Cédric Morisset, said he wanted to keep the details “confidential” for the moment, on the advice of the “authorities” and the firm called to the rescue, KPMG.
He declined to say whether the attack was the work of a ransomware gang, like those that have been ramping up hacks around the world in recent years.
The La Cordée website is functioning normally, as are online transactions, but activities in the seven physical branches are affected.
“I have two checkouts that work per store,” the boss said. “It’s more in slow motion, but we’re getting everything back in order over the next few days.”
According to our information, employees were told that the La Cordée system was being “held hostage”. A message from the hackers directed them to a site on the dark web for instructions.
Cédric Morisset assures that for the moment, the specialists who help him recover from the attack have no reason to believe that important data has been stolen.
“We saw abnormal traffic in the network, but only on unimportant files,” he said.
Even if La Cordée refuses to confirm it, the incident has all the appearance of a computer attack, says cybersecurity expert Steve Waterhouse.
“For the rest of them, the first step is to close all the doors and windows and say nothing until the investigation is over,” he said.
According to him, the most likely gateway is a phishing email or text message campaign.
If an employee falls into the trap by clicking on an infected message, hackers enter the network. They can then deploy ransomware, as has usually been the case in recent years.
After infiltrating their targets’ networks, gangs usually start by stealing their content. Then they can try to damage it by encrypting their data. They then demand a ransom to give the victims back access to their information and prevent the information from being published online, often on dark web sites.
Among the latest victims in Quebec are the Yellow Pages, which the Black Basta gang hit in April.
Investissement Québec and Rio Tinto also had to recover from an attack by the Clop gang on a file-sharing platform they used, GoAnywhere. The state-owned company has seen information about its clients’ projects leaked on the group’s site on the dark web.
In November, the City of Westmount was also a victim of the Lockbit gang.
This spring, it was mostly denial-of-service attacks that made the headlines. On a Telegram account, a group of pro-Russian hackers claimed responsibility for repeatedly taking offline the websites of Prime Minister Justin Trudeau and Hydro-Québec, among others.