Suncor, one of the largest energy companies in North America, has suffered a cyber attack that left Canadian motorists unable to make gas station purchases with payment cards, and even disabled car washes.
In a curt press release on Sunday, Suncor revealed that it had "experienced a cyber security incident," but gave little other information.
But the impact was clear to anyone who tried to buy something at a one of the over 1,800 Petro-Canada gas stations (owned by Suncor) across Canada.
As Petro Canada explained in a series of tweets, although its gas stations were open for business - they were unable to accept payments by debit and credit card.
Furthermore, anyone attempting to log into Petro-Canada's Petro-Points portal are prompted to perform a U-turn pronto.
Login is temporarily unavailable.
In an update posted on Twitter earlier today, Petro-Canada said it was "making progress" on resolving customer disruption, with "debit and credit transactions available at most locations".
However, Petro-Canada added that its app, Petro-Points program, and some of its car washes remain unavailable.
Presently it's unclear whether the "cybersecurity incident" that Suncor has experienced is a ransomware attack - but I don't think anyone would be surprised if that did turn out to be the problem.
If this was a ransomware attack, it's possible that the cybercriminals behind it might have encrypted data on Suncor's computer network and/or exfiltrated data.
"At this time, we are not aware of any evidence that customer, supplier or employee data has been compromised or misused as a result of this situation," the energy company said in its press release at the weekend.
It is not known at this stage if Suncor has received any communications or ransom demand from those behind the attack.
Suncor says that it has brought in third-party cybersecurity experts to help it investigate the incident further, and help co-ordinate its response. In addition, the energy giant says that it has notified the authorities of the security breach.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsDecember 19, 2024
November 14, 2024