La Cordée victim of a “cyber incident”

The chain of outdoor stores La Cordée has been the victim since Wednesday of a “cyber incident” which affects its payment systems, its internet network and its telephone system.

In interview with The Pressthe president of the chain, Cédric Morisset, says he wants to keep the details “confidential” for the moment, on the advice of the “authorities” and the firm called to the rescue, KPMG.

He declined to say whether the attack was the work of a ransomware gang, like those that have been ramping up hacks around the world in recent years.

The La Cordée website is functioning normally, as are online transactions, but activities in the seven physical branches are affected.

In slow motion

“I have two checkouts that work per store,” says the boss. It’s more in slow motion, but we’re in the process of bringing everything back to normal over the next few days. »

According to our information, employees were told that the La Cordée system was “held hostage”. Instructions from the hackers recommended visiting a site on the hidden web (dark web) for instructions.

Cédric Morisset assures that for the moment, the specialists who help him recover from the attack have no reason to believe that important data has been stolen.

“We saw abnormal traffic in the network, but only on unimportant files,” he said.

“Close doors and windows”

Even if La Cordée refuses to confirm it, the incident looks like a computer attack, says cybersecurity expert Steve Waterhouse.

“For them, the first step is to close all the doors and windows and say nothing until the investigation is over,” he said.

According to him, the most likely gateway is a phishing email or text message campaign.

If an employee falls into the trap by clicking on an infected message, hackers enter the network. They can then deploy ransomware, as has usually been the case in recent years.

After infiltrating their targets’ networks, gangs usually start by stealing their content. Then they can try to damage it by encrypting their data. They then demand a ransom to restore the victims’ access to their information and prevent the information from being published online, often on hidden web sites (dark web).

Among the latest victims in Quebec are the Yellow Pages, which the Black Basta gang hit in April.

Investissement Québec and Rio Tinto also had to recover from an attack by the Clop gang on a file-sharing platform they used, GoAnywhere. The state-owned company has seen information about its clients’ projects leaked on the group’s site on the dark web.

In November, the City of Westmount was also a victim of the Lockbit gang.

This spring, it was mostly denial of service attacks that made the headlines. On a Telegram account, a group of pro-Russian cyberhackers claimed the repeated decommissioning of the sites of Prime Minister Justin Trudeau and that of Hydro-Québec, in particular.