{
	"id": "e00953f7-1d36-47f0-bce9-3a7fd64a8525",
	"created_at": "2026-04-06T00:19:23.086992Z",
	"updated_at": "2026-04-10T13:11:31.89523Z",
	"deleted_at": null,
	"sha1_hash": "30176730faa4589eeb702f3dff6cc9fdc5742982",
	"title": "Montreal electricity organization latest victim in LockBit ransomware spree",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 73376,
	"plain_text": "Montreal electricity organization latest victim in LockBit\r\nransomware spree\r\nBy Jonathan Greig\r\nPublished: 2023-08-30 · Archived: 2026-04-05 23:50:56 UTC\r\nThe LockBit ransomware gang continues to dominate headlines and cause concern among cybersecurity experts\r\nwith a spate of attacks on critical organizations, governments and businesses.\r\nOn Wednesday, the gang took credit for an attack on the Commission des services electriques de Montréal\r\n(CSEM) — a 100-year-old municipal organization that manages electrical infrastructure in the city of Montreal.\r\nThe organization confirmed the incident on Tuesday, writing in a statement that it was hit with ransomware on\r\nAugust 3 but refused to pay the ransom. It contacted national authorities and law enforcement in Quebec while\r\nmaking every effort to restore its systems. Its IT infrastructure has already been rebuilt, the company said.\r\n“The criminal group at work in this case has made public today some of the stolen data. The CSEM denounces\r\nthis illegal gesture, while specifying that the data disclosed represents a low risk for both the security of the public\r\nand for the operations carried out by the CSEM,” they said.\r\n“It should be noted that all CSEM projects are the subject of public documents. 
Therefore, all these plans –\r\nengineering, construction and management – are already publicly available through the official process offices in\r\nQuebec.”\r\nLockBit threatened to leak the data Wednesday, the same day it claimed the attack.\r\nThe incident caps a week of high-profile incidents and news surrounding the gang, which far outpaces all other\r\nransomware groups in terms of the number of attacks launched.\r\nLast Friday, the Spanish National Police warned that it was seeing a wave of highly-sophisticated phishing emails\r\nsent by LockBit actors targeting architecture firms.\r\nThe emails purport to be from a photography company asking for a budget to take pictures of buildings. After\r\nexchanging emails, the fake company sends along a planning document for the photo session that encrypts victim\r\ndevices when downloaded.\r\nThat campaign is part of a wide variety of LockBit attacks on European targets, including a French regional\r\nagency in charge of natural areas in Île-de-France and Capodimonte Museum in Italy.\r\nDespite the gang’s torrid pace, cybersecurity experts are questioning the cybercrime group’s operational strength\r\nafter the release of a bombshell report from Jon DiMaggio, chief security strategist at Analyst1.\r\nIn a followup to his previous report on the gang, DiMaggio said LockBit’s leadership vanished and was\r\nunreachable over the first two weeks of August before resurfacing on August 13.\r\nDue to issues with its backend infrastructure and available bandwidth, the group is struggling to publish the data it\r\nsteals during attacks, DiMaggio said. 
LockBit is essentially pressuring victims to pay ransoms purely off of its\r\nreputation as the most prolific ransomware group currently operating, he said.\r\nThat report was followed by another this week from Kaspersky showing that the reported leak of the LockBit 3.0\r\nransomware builder has led to threat actors abusing the tool to spawn new variants. They found 396 different\r\nsamples based on the LockBit code.\r\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/montreal-electricity-organization-lockbit-victim",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://therecord.media/montreal-electricity-organization-lockbit-victim"
	],
	"report_names": [
		"montreal-electricity-organization-lockbit-victim"
	],
	"threat_actors": [],
	"ts_created_at": 1775434763,
	"ts_updated_at": 1775826691,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/30176730faa4589eeb702f3dff6cc9fdc5742982.pdf",
		"text": "https://archive.orkl.eu/30176730faa4589eeb702f3dff6cc9fdc5742982.txt",
		"img": "https://archive.orkl.eu/30176730faa4589eeb702f3dff6cc9fdc5742982.jpg"
	}
}