Canadian fuel distributor Parkland targeted in cyberattack

Ransomware group claims responsibility as company probes incident

The Alberta-based company said it had detected the attack on Nov. 14 on a “subset of its Canadian network” and that it temporarily disabled some computer applications as a precaution. The attack failed to result in any significant operational disruptions, a company spokesperson told FreightWaves.

Parkland disclosed the cyberattack after a ransomware group called Clop made a post on the dark web claiming it had targeted the company. Clop did not provide any proof that it had breached Parkland’s systems or stolen data.

The company, meanwhile, is investigating the extent of the breach. 

“To date, while we know there has been unauthorized access to some information, our investigation has not identified evidence of access to our core customer, or employee systems,” the Parkland spokesperson said. “As the investigation continues, we will notify any stakeholder that may have been directly affected.”

Parkland is Canada’s largest gas station operator and has an extensive wholesale distribution business. The company also operates in the U.S. and the Caribbean.

While Parkland would not confirm that it was targeted by a ransomware gang, groups like Clop typically announce their attacks and begin posting stolen data after victims refuse to pay sometimes staggering ransoms.

Clop reportedly demanded over $20 million from German tech giant Software AG after stealing and then encrypting large amounts of data. The gang released troves of files including detailed financial and customer records, and personal data about employees.

Ransomware attacks proliferate in the supply chain

Ransomware groups have stepped up their attacks on companies in the supply chain in 2020 amid a larger surge across multiple industries. Victims have included Daseke, TFI International and CMA CGM.

The perpetrators seek to infiltrate company systems and disrupt operations by encrypting data. They demand money in exchange for restoring access, and increasingly for a promise not to publish the data.

Government agencies and many cybersecurity experts urge companies not to pay the ransoms, arguing the payments allow the attacks to proliferate. However, many companies, sometimes with specialized insurance policies, opt to pay quietly.