Get all your news in one place.
100’s of premium titles.
One app.
Start reading
RideApart
RideApart
Sport
Dustin Wheelen

Ransomeware Cyberattack Shuts Down BRP Production And Operations

BRP (Bombardier Recreational Products) was riding high on August 8, 2022. One day removed from introducing its latest Can-Am, Sea-Doo, Rotax, Alumacraft, and Manitou lineups at the Club BRP 2023 event, the future seemed bright for the Canadian company. That is until a cyberattack crippled the conglomerate’s operations and production.

Ransomware gang RansomEXX promptly took credit for the “malicious cyberactivity”, stealing 29.9GB of files pertaining to non-disclosure agreements, passports, IDs, contracts, and supply agreements. RansomExx (aka Defray777 and Ransom X) is a human-operated ransomware variant that targets corporations by stealing personal data and encrypting internal files. If the company refuses to pay a ransom for decrypting the files, RansomExx threatens to publicize the looted information.

Fortunately, BRP reports that no customer data was compromised in the breach. However, further investigative efforts revealed that RansomEXX also accessed employee login credentials during the attack. BRP has since asked its employees to change their passwords to avoid additional vulnerabilities.

"Cybersecurity at BRP is a top priority. We have a strong team of experts committed to taking every appropriate measure to ensure the integrity of systems and data," proclaimed BRP President and CEO José Boisjoli. "I thank them for all their efforts to mitigate the consequences of the attack."

As of August 16, 2022, BRP announced that its Valcourt (Canada), Rovaniemi (Finland), Sturtevant (USA), and Gunskirchen (Austria) plants resumed production after a week-long shutdown. The company’s other production facilities ramped up in a phased approach shortly after.

In the released statement, BRP also claimed that it “has put in place a recovery plan to minimize the financial consequences of the cyberattack and does not anticipate any impact on its year-end financial guidance.”

On the other hand, it seems like BRP still isn’t out of the woods. The company recently released a statement in response Montreal newspaper La Presse's coverage, claiming that “(BRP) will not comment on any discussions or potential negotiations with cyber threat actors, including any ransom payments.”

Hopefully, BRP fully fends off the attack and returns to business as usual. The firm recently announced Can-Am's return to the two-wheeled market with the electric Pulse and Origin concepts. It would be a shame to see those models delayed due to RansomEXX’s cyberattack.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.