The International Joint Commission (IJC), a key organization for mediating water rights between the U.S. and Canada, has confirmed it fell victim to a cyberattack.
The commission, however, remains tight-lipped about the details, refusing to confirm or deny claims by a ransomware gang that they have stolen significant amounts of sensitive data.
A week ago, the NoEscape ransomware gang claimed responsibility for the cyberattack, saying they stole 80GB of data from the organization. According to the criminals, this data consists of confidential information such as contracts, legal documents, employee and member details, geological files, financial records, and insurance information.
A spokesperson for the IJC confirmed a "cybersecurity incident" but provided no further details.
"The International Joint Commission has experienced a cybersecurity incident, and we are working with relevant organizations to investigate and resolve the situation," the spokesperson told The Register.
Beyond this, the representative refused comment, including on whether the organization would negotiate with the ransomware gang or pay ransom.
Adding pressure to an already tense situation, NoEscape has started a countdown, threatening to publicly release the stolen data within 10 days if their demands are unmet.
"If management continues to remain silent and does not take the step to negotiate with us, all data will be published," the cybercriminal group warned. "We have more than 50,000 confidential files, and if they become public, a new wave of problems will be colossal."
The IJC plays a crucial role in mediating disputes related to bodies of water shared between the U.S. and Canada. It also has the authority to approve or veto projects that affect water levels in rivers and lakes along the U.S.-Canada border.
If released, the compromised data could have far-reaching implications, not just for the IJC but also for diplomatic relations between the neighboring countries.
NoEscape is a Ransomware-as-a-Service (RaaS) operation that first surfaced in May and is known for its double extortion technique. The group steals data before encrypting it, putting victims in a precarious situation where the data and encryption keys are held for ransom.
Notably, NoEscape does not target countries of the former Soviet Union, aligning with a broader pattern of ransomware gangs avoiding attacks on those nations.
As the countdown initiated by NoEscape looms, it remains to be seen how the International Joint Commission will respond and what the fallout could be if the stolen data is made public.