AutoCanada Hit by Major Ransomware Attack from Hunters International

Incident Date: Sep 17, 2024

Attack Overview

VICTIM

AutoCanada

INDUSTRY

Retail

LOCATION

Canada

ATTACKER

Hunters International

FIRST REPORTED

September 17, 2024

Request Removal

Ransomware Attack on AutoCanada by Hunters International

AutoCanada, a prominent North American automotive dealership group headquartered in Edmonton, Alberta, has fallen victim to a ransomware attack by the group Hunters International. The attackers claim to have exfiltrated 3.9 TB of data from AutoCanada's internal IT systems, significantly impacting the company's operations.

About AutoCanada

AutoCanada is the only publicly traded automotive dealer group in Canada, listed on the Toronto Stock Exchange under the ticker symbol TSX: ACQ. The company operates 83 franchised dealerships across eight provinces in Canada and an additional group in Illinois, USA. AutoCanada offers a wide range of vehicles from 28 different brands, including Chrysler, Dodge, Jeep, Ram, Chevrolet, Ford, and Mercedes-Benz. In 2023, AutoCanada reported over $6 billion in revenue and sold more than 100,000 retail vehicles.

Attack Overview

The ransomware attack reportedly occurred in August, with the attackers setting a ransom deadline for September 20th. The breach has disrupted AutoCanada's operations, and the company is currently assessing the full extent of the damage. The exfiltrated data includes sensitive information that could have severe implications for the company's business and customer trust.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains significant overlap with Hive, suggesting a shared technical lineage. Hunters International focuses on exfiltrating data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.

Penetration and Vulnerabilities

While the exact method of penetration remains unclear, it is likely that Hunters International exploited vulnerabilities in AutoCanada's IT infrastructure. Common attack vectors include phishing emails, unpatched software, and weak network security protocols. The group's sophisticated encryption methods and tactics, inherited from Hive, make it a formidable threat to organizations with insufficient cybersecurity measures.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.