Ransomeware Cyberattack Shuts Down BRP Production And Operations
Can-Am's parent company is still dealing with the fallout of the breach.
BRP (Bombardier Recreational Products) was riding high on August 8, 2022. One day removed from introducing its latest Can-Am, Sea-Doo, Rotax, Alumacraft, and Manitou lineups at the Club BRP 2023 event, the future seemed bright for the Canadian company. That is until a cyberattack crippled the conglomerate’s operations and production.
Ransomware gang RansomEXX promptly took credit for the “malicious cyberactivity”, stealing 29.9GB of files pertaining to non-disclosure agreements, passports, IDs, contracts, and supply agreements. RansomExx (aka Defray777 and Ransom X) is a human-operated ransomware variant that targets corporations by stealing personal data and encrypting internal files. If the company refuses to pay a ransom for decrypting the files, RansomExx threatens to publicize the looted information.
Fortunately, BRP reports that no customer data was compromised in the breach. However, further investigative efforts revealed that RansomEXX also accessed employee login credentials during the attack. BRP has since asked its employees to change their passwords to avoid additional vulnerabilities.
"Cybersecurity at BRP is a top priority. We have a strong team of experts committed to taking every appropriate measure to ensure the integrity of systems and data," proclaimed BRP President and CEO José Boisjoli. "I thank them for all their efforts to mitigate the consequences of the attack."
As of August 16, 2022, BRP announced that its Valcourt (Canada), Rovaniemi (Finland), Sturtevant (USA), and Gunskirchen (Austria) plants resumed production after a week-long shutdown. The company’s other production facilities ramped up in a phased approach shortly after.
In the released statement, BRP also claimed that it “has put in place a recovery plan to minimize the financial consequences of the cyberattack and does not anticipate any impact on its year-end financial guidance.”
On the other hand, it seems like BRP still isn’t out of the woods. The company recently released a statement in response Montreal newspaper La Presse's coverage, claiming that “(BRP) will not comment on any discussions or potential negotiations with cyber threat actors, including any ransom payments.”
Hopefully, BRP fully fends off the attack and returns to business as usual. The firm recently announced Can-Am's return to the two-wheeled market with the electric Pulse and Origin concepts. It would be a shame to see those models delayed due to RansomEXX’s cyberattack.
Sources: Bleeping Computer, IT World Canada, La Presse, Emi Soft, BRP
RECOMMENDED FOR YOU
Fines Skyrocket For Truck Drivers Getting Stuck On This Popular Motorcycle Road
AGV’s Pure Carbon Fiber Pista GP RR Now Available In North America
This Tiny Two-Stroke Is A Reminder Of How MotoGP Champions Used To Get Their Start
Actor Norman Reedus Just Took Quasi-Hipster ADV Gear To Mongolia
Someone's Hiding Tire Spikes On Off-Road Trails. And The Type Is Literally Medieval
This City Just Banned New Combustion Two-Wheeler Registrations by 2028. Not Without Criticism
People Searched For a Woman Missing for 3 Days. Then Some UTV Drivers Took a New Trail