BRP Inc. announced the resumption of operations at some of its sites Monday following a cyber attack that targeted the Ski-Doo maker.
On Aug. 9, BRP Inc.
announced the temporary suspension of its operations as a result of the attack, which it described as “malicious cybersecurity activity.”
BRP Inc. shares fluctuated on Monday, compared with the S&P 500 index’s 0.2% decline.
The company said its manufacturing sites in Valcourt in Canada, Rovaniemi in Finland, Gunskirchen in Austria and Sturtevant in the U.S. are ramping up production activities and expect to be fully operational on Tuesday. “The rest of the production sites are planning to resume operations over the course of the week in a phased approach,” BRP said, in a statement released early Monday.
“BRP’s team, with the assistance of external advisers, are currently working to restore all internal systems from its backup repositories,” the company added.
The malware infiltration came through a third-party service provider and the attack was limited to BRP’s internal systems, according to the Valcourt, Quebec-based company. “At this time, while the investigation is still ongoing, it has not revealed any evidence that its clients’ personal information would have been affected by the attack,” BRP said, in its statement. “As such, at this stage, BRP expects that the impact of this incident from a data privacy perspective should be limited.”
BRP has put in place a recovery plan to minimize the financial consequences of the cyberattack, it said, and does not anticipate any impact on its year-end financial guidance
The company declined to provide additional details on the attack when contacted by MarketWatch.
“Chances are that the company has been hit by a ransomware attack,” cybersecurity expert Graham Cluley, host of the Smashing Security podcast, told MarketWatch, adding that hundreds of companies fall victim to this type of attack every day. “In these the attackers typically encrypt data on the company’s servers (making it inaccessible to their firm) and demand a cryptocurrency payment in exchange for a decryption key,” he said. “Often times the attackers will additionally steal data from the company, and threaten to release it on the web or sell it to other cybercriminals.”
“All the hackers are looking for are companies to extort money from, they probably don’t have something specifically against Ski-Doos,” Cluley added.
BRP shares have fallen 10.2% this year, compared with the S&P 500’s decline of 10.4%.