The Canadian Copper Mountain Mining Corporation, based in British Columbia, Canada, recently stated that it had been the target of a dedicated ransomware attack that had affected its operations.

Part-owned by the Mitsubishi Materials Corporation, the Canadian Copper Mountain Mining Corporation comprises an 18,000-acre claim that has the capacity to produce an average of around 100 million pounds' worth of copper each year. Based on its current estimated mineral reserve, it will continue to supply copper for approximately 32 years.

A rapid response to a cyberattack

The targeted ransomware attack aimed at the mining company took place on December 27, 2022. Once the attack was detected, the firm’s on-staff IT team swiftly responded. They immediately implemented the company’s predefined protocols and systems for risk management, which are designed for such an eventuality.

To effectively contain the malicious incident, the mining company isolated all the infected systems and then shut down others so that they could be investigated more thoroughly. It then conducted a full analysis of the impact of the ransomware attack.

As a preventative measure, the mining firm’s team of engineers were forced to shut down the site mill to determine the status of its dedicated control system, while many of its other processes were switched over to manual operations.

A statement posted on the official Canadian Copper Mountain Mining Corporation website read:

“The Company’s external and internal IT teams are continuing to assess risks and are actively establishing additional safeguards to mitigate any further risk to the Company. Copper Mountain is investigating the source of the attack and is in contact with the relevant authorities, who are assisting the Company.”

Additionally, the company clarified in its web announcement that the cybercriminal incident had not compromised the safety measures of the site or caused any type of environmental damage whatsoever.

The firm stated that its main priority at present is to regain normal operations as quickly as possible, while limiting the potential financial impact of the attack.

Early steps of a ransomware attack

Experts from the cyber intelligence company KELA, in conjunction with the computer help site BleepingComputer, discovered an important detail when investigating the event, which may shed further light on the attack. The research showed that back on December 13, 2022, a threat operator attempted to sell company account credentials that belonged to an employee of the Canadian Copper Mountain Mining Corporation on an infamous hacker marketplace on the dark web.

Given the proximity of the dates when the confidential credentials were offered up for sale and the announcement of the ransomware attack on the Canadian mining company, it is more than possible that the threat operators behind the strike utilised a compromised employee email account to obtain a foothold for their activities on the company network. Business Email Compromise (BEC) is well-known for being an effective technique in the ransomware operator’s toolkit for establishing a presence on a firm’s network before spreading laterally across the system.