Nova Scotia Power confirms it was hit by ransomware attack but hasn’t paid the ransom

Article thumbnail image

This post was originally published on Security Affairs. It can be found here.

Nova Scotia Power confirms it was hit by a ransomware attack but hasn’t paid the ransom, nearly a month after first disclosing the cyberattack.

Nova Scotia Power confirmed it was hit by a ransomware attack nearly a month after disclosing a cyber incident. The company revealed it hasn’t paid the ransom.

Nova Scotia Power Inc. is a vertically integrated electric utility serving the province of Nova Scotia, Canada. Headquartered in Halifax, it is a subsidiary of Emera Inc. The company provides electricity to over 500,000 residential, commercial, and industrial customers across the province. Its operations encompass generation, transmission, and distribution of electricity, utilizing a diverse mix of energy sources including coal, natural gas, hydroelectric, wind, tidal, oil, and biomass. Nova Scotia Power manages approximately $5 billion in assets and produces more than 10,000 gigawatt-hours of electricity annually.

In April, Nova Scotia Power and Emera faced a cyber attack that impacted their IT systems and networks. Both companies declared that the security incident did not cause any power outages. 

On April 25, both companies found unauthorized access to parts of their network. In response to the intrusion, the companies shut down affected servers, disrupting IT systems, including customer support lines and the online portal. As of April 28, they were still working to restore services, and confirmed that the incident did not “impact on their ability to provide safe, reliable power to their customers.

Emera confirmed no disruption to its Canadian operations, including Nova Scotia Power, and no impact on U.S. or Caribbean utilities.

The companies did not share technical details about the attack, however, experts speculate they have been targeted in a ransomware attack.

In mid-May, the company disclosed a data breach after the April security incident and revealed that threat actors had stolen sensitive customer data. The company determined that the incident occurred on or around March 19, 2025. Attackers gained access to certain customer information stored on some servers and later taken by an unauthorized third party.

“While the investigation remains ongoing, we have determined that on or around March 19, 2025, certain customer information stored on the impacted servers was accessed and later taken by an unauthorized third party.” reads the update published by the company on May 14, 2025. “Notifications are in the process of being mailed to impacted account holders, which includes detailed information about resources and support. While we have no evidence of misuse of your personal information, as a precaution, arrangements have been made with the consumer reporting agency, TransUnion, to provide impacted individuals with a two-year subscription to a comprehensive credit monitoring service (TransUnion myTrueIdentity®) at no cost.

The impacted personal information varies by customer and could include different types depending on what each customer provided, including name, phone number, email address, mailing and service addresses, Nova Scotia Power program participation information, date of birth, and customer account history (such as power consumption, service requests, customer payment, billing, and credit history, and customer correspondence), driver’s license number, and Social Insurance Number. For some of our customers, bank account numbers (for pre-authorized payment) may also have been impacted, if this information was provided by these customers.

Nova Scotia Power warned customers about phishing scams impersonating the utility to steal data.

In the update published on its website on May 23, Nova Scotia Power confirmed that it was hit by a “sophisticated ransomware attack”. 

“Today, we are confirming we have been the victim of a sophisticated ransomware attack.” reads the update. “No payment has been made to the threat actor. This decision reflects our careful assessment of applicable sanctions laws and alignment with law enforcement guidance.”

Nova Scotia Power confirmed that threat actors had published the stolen data. Affected customers were notified and offered 2 years of free credit monitoring via TransUnion. The company urges vigilance against suspicious messages or phishing attempts and is working with cybersecurity experts to assess the scope of the incident.

Despite the company’s claims, I haven’t been able to find Nova Scotia Power listed on any known dark web leak sites linked to ransomware groups.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

This post was originally published on this site

Forum Search

Partners & Sponsors
  • University of Baltimore
  • Towson University
  • Bureau of Justice Assistance
  • National Science Foundation
LATEST FORUM POSTS
Test post2

Test Post2

By Demo User12, 1 year ago

Finding internships

Hello, Has anyone here secured any forensic related internships for 2024? I'm collecting some data and wanted to know what...

By AP Malla, 1 year ago

Beginner network forensic investigation

How should I approach network forensic? Would you recommend learning tools like WireShark?

By AP Malla, 1 year ago

Cyber Forensic Employment: High level guidelines

Understand the Basics: Know the Field: Cyber forensics involves investigating digital crimes, analyzing electronic data, and recovering hidden, deleted, or...

By AP Malla, 1 year ago

LATEST POSTS
Article thumbnail image
The Czech government condemned China after linking cyber espionage group APT31
PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal crede
Apple blocked over $9B in fraud in 5 years, including $2B in 2024, stopping sca
Researchers found a fake Bitdefender site spreading the Venom RAT by tricking u