Copper Mountain Mining resumes operational production, following ransomware attack

Copper Mountain Mining issued an operational update on the ransomware attack that affected IT systems at its Copper Mountain Mine and corporate office in late December. The company confirmed that production has resumed and that through this downtime, it has been shipping copper concentrate to the Port of Vancouver from mine inventory and has maintained its planned shipping schedule.

“On January 1, the Company resumed operations of the primary crusher at its Copper Mountain Mine, and shortly thereafter, the Company resumed operations at the mill, which was preventatively shutdown following the attack,” the Canadian mining company said in its update on Friday. “On January 4, the mill was at full production and the operation is currently being stabilized as the remaining business systems are fully restored,” it added.

The notice added that Copper Mountain Mining’s external and internal IT teams, along with external cybersecurity experts, are continuing to actively establish additional safeguards to mitigate any further risks to the company. “The company’s primary objective remains to return to full business functionality in a safe and secure manner,” it added.

The ransomware attack against the Vancouver, Canada-based mining company is similar to the June 2021 attack against JBS USA, which impacted that company’s operations in North America and Australia. JBS notified the U.S. administration that “they are the victims of a ransomware attack,” and that the ransom demand came from a criminal organization likely based in Russia.

Copper Mountain Mining confirmed the ransomware attack in late December. The firm “quickly implemented its risk management systems and protocols in response to the attack. The company has isolated operations, switched to manual processes, where possible, and the mill has been preventatively shutdown to determine the effect on its control system,” it said at the time.

Cybersecurity expert Joe Weiss wrote in a recent blog post that the Copper Mountain Mining ransomware attack was another case where process sensor monitoring could have prevented a facility shutdown. “Because the sensor monitoring system was off-line from the facility’s IP network, neither IT malware nor ransomware could reach the sensor monitoring or the process. This means that the mill may NOT have needed to be shut down if the process sensors indicated the process was not affected,” he added.

Weiss added that as any IP network can be hacked, monitoring the physics of the sensors offline is arguably the only approach to justify continued operation during a ransomware or other IT cyberattack. 

He also pointed to recent discussions in the insurance industry stating that insurers will not insure ransomware. Weiss highlighted that “one wonders how the insurance industry will view manual shutdowns that could have been prevented by the monitoring of the process sensor physics.”

The ransomware attack against Copper Mountain Mining comes at a time when critical infrastructure installations have been targeted globally. In December, rail infrastructure company Wabtec notified customers of a data security breach involving some individuals’ personal information, in an incident that occurred across its U.S., Canada, U.K., and Brazil entities.

The security breach at Wabtec is said to have taken place last year, potentially exposing personal and sensitive information. Wabtec has determined that, in addition to breaching the network and accessing certain systems containing sensitive information, the attackers introduced malware into certain systems during the attack.

Around the same time, the Port of Lisbon (Porto de Lisboa) is said to have been breached, and its website was inaccessible for over ten days after officials confirmed that cyber attackers had targeted it. The LockBit ransomware group also added the organization to its extortion site, claiming the ransomware attack.

News reports disclosed that the Administration of the Port of Lisbon confirmed that the cyber attack did not compromise operational activity at the critical infrastructure. Following the attack, the administration notified the National Cybersecurity Center and the Judiciary Police of the incident.

Another LockBit ransomware attack was announced in late December, when The Hospital for Sick Children in Toronto was targeted. The attack brought down several vital hospital network systems and caused widespread disruptions in patient care, Lali Hadar, a security researcher at OT and IoT company SCADAfence, wrote in a company blog post. “The attack utilized the Ransomware-As-A-Service strain LockBit. While no group claimed responsibility for launching the attack, the makers of LockBit Ransomware issued an apology two weeks after the incident,” she added.

Hadar added that unlike ransomware attacks targeting the financial or banking sector, “attacks on healthcare facilities can have serious consequences beyond just data loss or stolen information. When a hospital or healthcare facility is shut down by threat actors, it can impact human health and safety by interrupting patient care. This makes healthcare attacks often more devastating and more noteworthy than other types of attacks.”

In late October, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released cybersecurity performance goals (CPGs) that provide an approachable common set of IT and OT (operational technology) cybersecurity protections to improve cybersecurity across the nation’s critical infrastructure. The CISA CPGs are written and designed to be easy to understand and to communicate to non-technical audiences, including senior business leaders, and are aimed at addressing some of the most common and impactful cyber risks.
