{
	"id": "d68a9d9f-b239-4be9-8af2-0e1adfc27630",
	"created_at": "2026-04-06T00:11:05.840065Z",
	"updated_at": "2026-04-10T03:21:39.278238Z",
	"deleted_at": null,
	"sha1_hash": "aa28bf093c3aaab69d03654d9f51e2042e01d771",
	"title": "Canadian retailer Home Hardware hit by ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 169323,
	"plain_text": "Canadian retailer Home Hardware hit by ransomware\r\nArchived: 2026-04-05 18:03:34 UTC\r\nThis advertisement has not loaded yet, but your article continues below.\r\nSkip to Content\r\nNews\r\nEconomy\r\nEnergy\r\nMining\r\nReal Estate\r\nFinance\r\nWork\r\nWealth\r\nInvestor\r\nFP Comment\r\nExecutive Women\r\nPuzzmo\r\nNewsletters\r\nFinancial Times\r\nBusiness Essentials\r\nThis advertisement has not loaded yet, but your article continues below.\r\n1. Home\r\n2. Innovation\r\n3. Information Technology\r\nCanadian retailer Home Hardware hit by ransomware\r\nAuthor of the article:\r\nhttps://financialpost.com/technology/tech-news/canadian-retailer-home-hardware-hit-by-ransomware\r\nPage 1 of 6\n\nOne of the country’s biggest privately-held dealer-owned hardware retailers has acknowledged it was hit by\r\nransomware, with the threat group promising to start releasing copied data today, April 2.\r\nTHIS CONTENT IS RESERVED FOR SUBSCRIBERS ONLY\r\nSubscribe now to read the latest news in your city and across Canada.\r\nExclusive articles from Barbara Shecter, Joe O'Connor, Gabriel Friedman, and others.\r\nDaily content from Financial Times, the world's leading global business publication.\r\nUnlimited online access to read articles from Financial Post, National Post and 15 news sites across\r\nCanada with one account.\r\nNational Post ePaper, an electronic replica of the print edition to view on any device, share and comment\r\non.\r\nDaily puzzles, including the New York Times Crossword.\r\nSUBSCRIBE TO UNLOCK MORE ARTICLES\r\nSubscribe now to read the latest news in your city and across Canada.\r\nExclusive articles from Barbara Shecter, Joe O'Connor, Gabriel Friedman and others.\r\nDaily content from Financial Times, the world's leading global business publication.\r\nhttps://financialpost.com/technology/tech-news/canadian-retailer-home-hardware-hit-by-ransomware\r\nPage 2 of 6\n\nUnlimited online access to read articles from Financial Post, National Post and 15 news sites across\r\nCanada with one account.\r\nNational Post ePaper, an electronic replica of the print edition to view on any device, share and comment\r\non.\r\nDaily puzzles, including the New York Times Crossword.\r\nREGISTER / SIGN IN TO UNLOCK MORE ARTICLES\r\nCreate an account or sign in to continue with your reading experience.\r\nAccess articles from across Canada with one account.\r\nShare your thoughts and join the conversation in the comments.\r\nEnjoy additional articles per month.\r\nGet email updates from your favourite authors.\r\nTHIS ARTICLE IS FREE TO READ REGISTER TO UNLOCK.\r\nCreate an account or sign in to continue with your reading experience.\r\nAccess articles from across Canada with one account\r\nShare your thoughts and join the conversation in the comments\r\nEnjoy additional articles per month\r\nGet email updates from your favourite authors\r\nSign In or Create an Account\r\nHome Hardware Stores Ltd., with over 1,050 stores under the Home Hardware, Home Building Centre, and Home\r\nFurniture banners, acknowledged to ITWorldCanada.com an attack hit it in February.\r\nThis advertisement has not loaded yet, but your article continues below.\r\n“An unauthorized third-party was able to access parts of our corporate data,” Jessica Kuepfer, the company’s\r\ndirector of communications, said in an e-mail Friday.\r\nhttps://financialpost.com/technology/tech-news/canadian-retailer-home-hardware-hit-by-ransomware\r\nPage 3 of 6\n\nGet the latest headlines, breaking news and columns.\r\nBy signing up you consent to receive the above newsletter from Postmedia Network Inc.\r\n“We immediately engaged our cybersecurity firm and quickly implemented countermeasures to isolate and\r\ncontain the attack. We have maintained full business continuity.\r\n“Each of the stores are independently owned and operated. Based on our investigation, it appears that attack has\r\nnot impacted dealer retail systems or any consumer transaction or payment data.”\r\nAt press time Kuepfer didn’t reply to a query about how much money DarkSide has demanded and whether the\r\ncompany has talked to the attackers.\r\nhttps://financialpost.com/technology/tech-news/canadian-retailer-home-hardware-hit-by-ransomware\r\nPage 4 of 6\n\nThe attack against the Ont.-based Home Hardware comes after the DarkSide ransomware group began posting\r\nwhat it said was corporate data copied from the company and promising to publicly release data if it isn’t paid for\r\ndecryption keys.\r\nA screenshot of the notice on the group’s website says:\r\n“We have downloaded a lot of your private data. You can see examples below. If you need proofs we are ready to\r\nprovide you with it. The data is preloaded and will automatically be published in our blog if you do not contact us.\r\nAfter publication your data can be downloaded by anyone. It is stored on our tor for CDN and will be available\r\nfor at least six months.”\r\nThis advertisement has not loaded yet, but your article continues below.\r\nScreenshots of some of the documents seen by ITWorldCanada.com include what appears to be a December 2020\r\nfinancial report and a November 2020 letter marked “Strictly Private and Confidential” dealing with an\r\nacquisition that was announced three months later.\r\nThe DarkSide website also includes countdown clocks for the automatic release of what are said to be copied\r\ndocuments for today, Saturday and Sunday.\r\nCompanies dealing with data exfiltration situations have no good options, commented Brett Callow, a British\r\nColumbia-based threat researcher for Emsisoft.\r\n“They’ve been breached, and their data is in the hands of cybercriminals. If they refuse to pay the criminals, their\r\ndata will be released online. If they do pay, they’ll simply get a pinky-promise from a bad faith actor that the\r\nstolen data will be deleted – and, of course, there is ample evidence that that does not happen. Why would a\r\ncriminal enterprise delete data that it may be able to use or further monetize?\r\n“Unfortunately, data exfiltration is proving to be a strategy that works, with many organizations that were able to\r\nrecover their systems using backups having still paid demands to stop their data being released. Since ransomware\r\ngroups began exfiltrating data at the end of 2019, about 1,500 organizations have had their data stolen and posted\r\nonline, while many others paid to prevent it being published.”\r\nThis advertisement has not loaded yet.\r\nThis advertisement has not loaded yet, but your article continues below.\r\nAccording to a recent analysis by security vendor Varonis, DarkSide is a ransomware-as-a-service group that\r\nbegan operating last August. Like other RaaS services it offers, anyone who helps spread their malware gets 10 to\r\n25 per cent of the payout.\r\nSince starting they have become known for their “professional operations and large ransoms,” the report said.\r\n“They provide web chat support to victims, build intricate data leak storage systems with redundancy, and perform\r\nfinancial analysis of victims prior to attacking,” it read. “Our reverse engineering revealed that Darkside’s\r\nmalware will check device language settings to ensure they don’t attack Russia-based organizations. They have\r\nalso answered questions on Q\u0026A forums in Russian and are actively recruiting Russian-speaking partners.”\r\nhttps://financialpost.com/technology/tech-news/canadian-retailer-home-hardware-hit-by-ransomware\r\nPage 5 of 6\n\nDarkSide often uses compromised third-party contractor accounts to access Virtual Desktop Infrastructure (VDI)\r\nthat had been put in place to facilitate remote access during the pandemic, says Varonis. It has also exploited\r\nservers, and then quickly deploys an additional remote access backdoor that would preserve access should the\r\nvulnerable server be patched.\r\nThis advertisement has not loaded yet, but your article continues below.\r\n“While neither of these vectors is novel, they should serve as a warning that sophisticated threat actors are easily\r\nbypassing perimeter defences,” according to the report. “They illustrate the need for multi-factor authentication on\r\nall internet-facing accounts and rapid patching of internet-facing systems.”\r\nIn January, Bitdefender released a decryptor for the version of the DarkSide encryption algorithm used at that\r\ntime.\r\nThis section is powered by IT World Canada. ITWC covers the enterprise IT spectrum, providing news and\r\ninformation for IT professionals aiming to succeed in the Canadian market.\r\nThis advertisement has not loaded yet.\r\niiq_pixel\r\nSource: https://financialpost.com/technology/tech-news/canadian-retailer-home-hardware-hit-by-ransomware\r\nhttps://financialpost.com/technology/tech-news/canadian-retailer-home-hardware-hit-by-ransomware\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://financialpost.com/technology/tech-news/canadian-retailer-home-hardware-hit-by-ransomware"
	],
	"report_names": [
		"canadian-retailer-home-hardware-hit-by-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434265,
	"ts_updated_at": 1775791299,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/aa28bf093c3aaab69d03654d9f51e2042e01d771.pdf",
		"text": "https://archive.orkl.eu/aa28bf093c3aaab69d03654d9f51e2042e01d771.txt",
		"img": "https://archive.orkl.eu/aa28bf093c3aaab69d03654d9f51e2042e01d771.jpg"
	}
}