Federated Co-op websites return after cyberattack, online shopping still unavailable
CBC
In its latest update about a cyberattack that hampered its web services and thinned grocery stock, Federated Co-operatives Limited says its websites are back online.
At the end of June, local Co-op stores and Federated Co-op announced they had been the target of a cyberattack that was impacting internal and customer-facing systems. It affected cardlock fuel locations and stock in some grocery stores.
From B.C. to Manitoba, Co-op has 274 grocery stores, 454 gas bars and 396 commercial cardlock fuel facilities.
According to its social media, Co-op has also restored its corporate and local websites, though online shopping is still unavailable.
Grocery supply — at least in Saskatoon stores — remained spotty on Wednesday.
"The shelves are a little emptier, but that's pretty much it," shopper Paulette Wallace said. She said she quickly noticed that the inventory had dwindled after the cyberattack, but it hasn't affected her much.
"There's some products I'd like to get, but they're just not there," said Rick Newell, another customer.
Co-op communications director Brad DeLorey responded to an interview request with an email.
"As the investigation is ongoing I cannot at this time expand on details. We have been diligently working to restore complete operations throughout Western Canada. We are committed to providing updates and will continue to do so," he said.
Cybersecurity expert Terry Cutler said that companies should have a playbook to ensure they're managing cyberattacks without erasing evidence of how they were compromised.
"If it's a ransomware attack, you are down for a minimum 100 hours," Cutler said.
Others attacks can take months to resolve. That time is spent reinstalling systems, collecting evidence and, potentially, negotiating a ransom.
"Even if you paid, it doesn't always come back properly, so now you're forced to rebuild information manually."
Cutler is the CEO at Cyology Labs, a cybersecurity company based out of Dorval, Que. He is an "ethical hacker," who receives permission from companies to try to hack them to find holes in their security systems.