Operations at a Winnipeg-based plastic packaging giant were disrupted for about two weeks after its computer network was held "ransom" in a "sophisticated" cyberattack that’s becoming increasingly common in Canada.
Hackers infiltrated Winpak Ltd., which has manufacturing plants in Canada, the U.S. and Mexico, in a ransomware attack, sources told the Free Press.
Tasks had to be done manually while computers were "down," and everything from order processing to email and phone systems was disrupted, the sources said.
One source was unable to contact employees at the Winnipeg plant for a "significant" period of time following the attack.
A spokesman for Winpak, based at 100 Saulteaux Cres. in the Murray Industrial Park in St. James, said the company learned on Feb. 21 its network had been "targeted through sophisticated and unauthorized means."
Operations didn’t return to normal until early last week, he said.
Winpak would not say how much money was demanded or if a ransom was paid. Such attacks can be very profitable for cyber criminals, netting them tens of thousands or even millions of dollars.
"Winpak immediately took action to protect our infrastructure and we are back resuming normal business operations," the company said in a prepared statement. "We are working with a team of third-party cybersecurity experts to investigate the incident and are taking all the necessary steps to respond to the incident.
"This matter is of the utmost concern to Winpak and is being treated as our highest priority. We thank everyone for their patience during this time."
A Winpak spokeswoman said details were given to staff and customers, and the matter was being dealt with internally by senior management and the legal department.
She was "not sure" if the cyberattack had been reported to police.
A Winnipeg police spokeswoman said the service "does not have anything further to add beyond Winpak’s statement."
Unifor Local 830, which represents Winpak employees, declined to comment.
Most ransomware attacks begin with a hacker sending malicious software, or malware, in a phishing email disguised as being from a trustworthy sender, said experts.
When opened, the malware infiltrates a network and encrypts files, essentially locking out an entire company. Usually, a message pops up demanding the victim pay a ransom in cryptocurrency to regain access.
Everything run by a hacked network is disrupted. This can include email servers, phones, security cameras and swipe cards, software to process orders and access to sensitive employee or financial data.
"It will lock up everything it can and make nothing usable," said Matthew Manaigre, a cybersecurity expert and president and CEO of Winnipeg-based Avenir IT. "It’s quite crippling."
Most ransomware attacks are kept quiet, but they happen all the time, said Manaigre and Toronto-based cybersecurity and tech analyst Ritesh Kotak.
"It’s a lot more common than people realize," said Kotak. "There has been a significant increase."
In a survey of more than 1,000 Canadian businesses last September, 55 per cent of respondents said their organization had been a recent victim of ransomware. Of those, almost 60 per cent paid a ransom, and 14 per cent paid more than once.
Canadian companies pay an average ransom of $458,247, according to the poll conducted by Angus Reid on behalf of cybersecurity company Palo Alto Networks.
Of those polled, 17 per cent paid between $500,000 and $5 million.
"My position has always been not to pay," said Kotak.
If a ransom is paid, the hackers could refuse to give a decryption key or demand more cash, or the money could end up funding terrorism or organized crime, he said.
Of the businesses polled by Angus Reid, 58 per cent needed more than a month to recover from an attack.
In December, the Communications Security Establishment (CSE), the national cyberspy agency, said Canada is among the top countries affected by ransomware.
More than half of Canadian victims in the first half of 2021 were critical infrastructure providers, including the energy, health and manufacturing sectors, the CSE said.
It said the frequency of global ransomware attacks soared 151 per cent from 2020 to 2021, and the average cost of recovery had more than doubled to $2.3 million last year.
Manaigre and Kotak said the trends show more companies need to back up their data and do a better job of blocking malware to ensure employees don’t open harmful files.
Publicly traded on the Toronto Stock Exchange, Winpak makes packaging materials mostly for perishable food, drinks, pharmaceuticals and medical and personal care products.
It has 12 manufacturing plants in North America that employ about 2,500 people, including roughly 700 in Winnipeg.
Earlier this month, Winpak reported a record $1 billion in revenue for the 2021 fiscal year, a 17.5 per cent increase from $852 million in 2020.
Net income was $106 million, as sales volumes jumped by almost 10 per cent to mark the firm’s highest annual growth rate since 2014.
In its 2021 annual report, Winpak said it had "successfully" managed the impact of the COVID-19 pandemic while also dealing with "extremely difficult" supply chain problems and a labour shortage that were likely to continue in 2022.
Last month, the company closed a production line as it struggled to obtain raw material while anti-COVID-19 vaccine mandate protesters blocked the Canada-U.S. border in Emerson.
CEO Olivier Muggli told the Free Press the blockade "hurt us significantly."
— with files from Carol Sanders