Groupe Boutin Inc. is a firm in Quebec providing logistics, transportation, and warehousing services, as well as private fleets.
Sam Harper reports that the firm called in a security specialist after detecting a problem and receiving a ransom demand. According to the company’s statement (translation):
The customer and employee portals, accessible from their website, are not responding. In order not to take any unnecessary risks, “we shut down access to all of our systems and workstations.” Staff must rebuild a number of servers and “start over some applications. Some of the work in operations is done manually.”
Boutin says their operations are continuing. “We have been able with our team to make sure that service is not too disrupted.”
Read more on Blog.Hackfest
The attack has been claimed by CL0P threat actors, who have listed the company on their leak site and have dumped a number of files allegedly from Boutin’s server(s). Unlike some other groups, CL0P does not routinely make a statement about how much data they have exfiltrated from a victim, so the dumped files may or may not be the total dump. The sample did include some personally identifiable information on employees, such as photo IDs with health insurance information and an image of a passport. Luckily for the victims, CL0P’s downloads are so frustratingly slow that most people will never download them.
Reporting by @Chum1ng0. Additional comment by Dissent.