Ransomware group LockBit threatens to release ‘databases’ tied to The Weather Network breach

The network's parent company, Pelmorex Corp., previously stated the breach is tied to a 'third-party software provider'

The Weather Network’s cybersecurity breach appears to have gotten a whole lot worse.

It appears ransomware group LockBit has named The Weather Network’s parent company, Pelmorex Corp., as a “victim.”

Brett Callow, a threat analyst at Emsisoft, shared a screenshot of the post on X (formally known as Twitter).

The screenshot shows the group uploaded the post on its dedicated leak site (DLS) on September 22nd at 2:45pm UTC (10:45am ET).

“We have downloaded a lot of databases from their network, include SecretServer RDP connections sources [sic],” the post reads. A block or blurred information is listed under the heading titled “top contacts.”

Karen Kheder, the director of communications and administration at Pelmorex Corp., told MobileSyrup the company is aware of the posting.

“We are working with leading global cybersecurity experts, and based on everything we know thus far, the attackers obtained limited access to publicly available information. If there is any change or update to our findings, we will notify all relevant parties in accordance with the law.”

LockBit is a “rent-a-ransomware” operation, and “the persons who rented it for the purpose of this attack could be based anywhere,” Callow told to MobileSyrup.

While the post doesn’t detail what the group’s demands are, it does list a deadline for September 24th, 2023, just past 2:45pm UTC.

“All available data will be published,” the post concludes in capital letters.

According to a September 20th post on Pelmorex’s website, most of The Weather Network’s services are running again. However, users might face “occasional system issues.”

Updated September 22nd 5:11pm ET: The article has been updated with a statement from Pelmorex.

Image credit: Pelmorex Corp.