New Brunswick

N.B. Liquor cyber security woes continue

Since Jan. 9, customers must have cash in hand to buy anything at N.B. Liquor and Cannabis N.B. stores, after a cyber security incident caused them to stop accepting debit, credit and gift cards.

Operations at N.B. Liquor and Cannabis N.B. still hobbled after 'cyber security incident' last week

.
Services are expected to be fully restored sometime this week, according to a statement on the N.B. Liquor website dated Jan. 13. (María José Burgos/CBC)

Since Jan. 9, customers must have cash in hand to buy anything at N.B. Liquor and Cannabis N.B. stores, after what is being called a "cyber security incident" caused them to stop accepting debit, credit and gift cards.

N.B. Liquor would not provide anyone for an interview, but in a statement to CBC News said it has hired third-party security experts to conduct an investigation and are unable to "speak to details" about what happened.

Terry Cutler, a cyber security expert at Cyology Labs in Montreal, said the issue could be a ransomware attack or another type of cyber problem.

CBC News asked N.B. Liquor if this was a ransomware attack.

.
Marie-Andrée Bolduc, a spokesperson for N.B. Liquor, says this was not a ransomware incident. (Shane Fowler/CBC)

In an emailed statement, spokesperson Marie-Andrée Bolduc said, "based on our investigation to date, this was not a ransomware incident." 

Cutler said "on a good day," it takes a minimum of 100 hours of work to get back online after a security incident because the company has to build up its network from scratch to make sure the original bad actors don't have access.

"There's a transition period that has to occur. So the technicians are going to be working around the clock 24/7 rebuilding this thing," he said.

WATCH | Why you're still paying cash for booze and weed at corporate stores:

Security expert on possible causes of N.B. Liquor disruption

3 days ago
Duration 3:06
Debit and credit machines have been down for several days at Cannabis N.B. and N.B. Liquor stores. Security expert Terry Cutler explains some possible reasons for the lengthy disruption.

If it's not ransomware, Cutler said the extended outage of credit and debit systems could be linked to a cyber attack the corporation is hoping to stop.

If this is the case, the corporation may have "pulled the plug" on the network to investigate and contain the attack.

Cutler said the average time an attacker has access to a network is 286 days, which means data could have been accessible to malicious actors for months.

And it's not just the threat of financial data being shared that concerns Cutler — there's other data that could be released, such as emails, that could lead to further cyber security issues for customers.

"They can start sending emails to all these people, which is known as a phishing attack," said Cutler. 

"They're going to say your account got compromised, click this link to reset your password," he said.

"You go to reset the password but you're actually giving away that information to the bad guys in real time, which could be used to log into maybe other accounts because a lot of people use the same password everywhere online."

Cutler said  the cost of recovering from a cyber security incident could reach into the millions of dollars.

"The prices go up really quickly because you've got everything from ransomware negotiation, you've got incident responders, you have legal involved, you got the techs running around the clock."

Bolduc has said that, "Currently there is no evidence to suggest our company or customers' information has been impacted."

Services are expected to be fully restored sometime this week, according to a statement on the N.B. Liquor website dated Jan. 13.

ABOUT THE AUTHOR

Jordan Gill

Reporter

Jordan Gill is a CBC reporter based out of Fredericton. He can be reached at jordan.gill@cbc.ca.