Shut down factories, inaccessible computer tools and remote working for office workers: The cyberattack that has hit BRP since Monday is compounding a headache for the Ski-Doo and Sea-Doo maker, which was already struggling to meet demand for recreational vehicles.
Updated at 0:02
No one is immune to computer paralysis, but in Quebec we have rarely seen a company the size of BRP – one of Quebec’s large multinationals with more than 20,000 employees and 11 factories in six countries – so badly affected.
At the Valcourt plant, where the company’s headquarters are also located, employees will have to wait until Monday before they can resume work. After three full days of paralysis, many questions remained. An internal memo sent to and received by employees The press however, illustrates the complexity of the situation.
“Office workers please refrain from using currently inaccessible PCs, laptops and other IT tools until further notice. We ask that you work from home if possible and continue to check your e-mails regularly. »
The letter also advises employees to direct questions to the Public Relations Department “immediately” if contacted by the media.
The recreational vehicle manufacturer was stingy with details on Thursday. Teams working “day and night” have made “progress in restoring certain” servers, an email said. BRP, which was the target of a cyberattack on Monday, has not yet said whether it identified the perpetrators and whether they ransomed them. The company also did not say whether its employees would be paid despite this forced leave.
This cyber attack adds to the challenges faced by the multinational company, which has been moving at high speed since the beginning of the pandemic. In the first quarter, BRP halved its profits on supply issues that prevented it from ramping up shipments to its dealers — where inventories are at historic lows.
Despite it all, investors appeared to remain optimistic. On the Toronto Stock Exchange Thursday, stock BRP’s decline was limited. The stock fell 1.35%, or $1.36, to close at $99.26.
According to Stéphane Auger, vice president at Microfix, a company specializing in information technology, BRP could have been the target of hackers or ransomware. However, it is impossible to be sure unless the multinational confirms it, adds the expert. However, disruptions that last for several days indicate a “very serious” degree of severity, affirms Mr. Auger.
“What it’s signaling is that we’ve detected something that could be spreading through the network or has affected the whole thing,” he explains. If that’s the case for a long time, they either clean up all the servers or no longer have access to them at all. »
If the attack paralyzes the manufacturer of leisure vehicles, the picture is different for the dealers. At Groupe Contant, which is present in Laval, Mirabel, Sainte-Agathe, Beloeil and Vaudreuil, the marketing director Virginie Jolicoeur spoke of a disruption of the “internal system” of “a few hours” on Monday, which allows exchanges with BRP .
However, the incident casts a shadow over a week that promised to be positive. At its annual dealer conference in Utah, the Quebec company unveiled new products, including the Sea-Doo Rise, a type of electric kitesurf board that’s received positive reviews from analysts.
Hours before confirming a cyberattack on Tuesday, BRP announced the acquisition of a longtime supplier: the Shawinigan plant, owned by auto parts maker Kongsberg.
Other recent examples of cyber attacks
Association of Agricultural Producers
The Farmers’ Union has also had a difficult week. Since Sunday all computer systems have been affected by a ransomware attack. His 160 employees can no longer connect to the network. Its general manager, Charles-Félix Ross, told The Canadian Press that it was the worst cyberattack the organization has ever suffered.
Russian cybercriminals claimed responsibility for an offensive targeting Aluminerie Alouette on the north coast last February. Production was not halted at the complex, but the hackers claimed they got their hands on confidential data.
At the end of February, production at the multinational’s Joliette factory was suspended for a few days after a computer failure caused by a cyber attack. The employees were on forced leave for a few days.
- BRP products are sold in more than 120 countries through a network of more than 3,250 dealers.