Nova Scotia Power Confirms Ransomware Attack, Refuses to Pay Ransom
In a recent development, Nova Scotia Power has confirmed that it was hit by a sophisticated ransomware attack in April 2023. The company had initially disclosed the cyber incident and assured customers that no power outages occurred as a result of the breach.
About Nova Scotia Power Inc.
Nova Scotia Power Inc. is a vertically integrated electric utility serving the province of Nova Scotia, Canada. With its headquarters in Halifax, the company is a subsidiary of Emera Inc. and provides electricity to over 500,000 residential, commercial, and industrial customers across the province.
The company's operations encompass generation, transmission, and distribution of electricity, utilizing a diverse mix of energy sources including coal, natural gas, hydroelectric, wind, tidal, oil, and biomass. Nova Scotia Power manages approximately $5 billion in assets and produces more than 10,000 gigawatt-hours of electricity annually.
The Cyber Attack
In April 2023, both Nova Scotia Power and Emera faced a cyber attack that impacted their IT systems and networks. The companies declared that the security incident did not cause any power outages.
On April 25, both companies found unauthorized access to parts of their network. In response to the intrusion, the companies shut down affected servers, disrupting IT systems, including customer support lines and the online portal.
The Incident Details
As of April 28, they were still working to restore services, and confirmed that the incident did not “impact on their ability to provide safe, reliable power to their customers. Emera confirmed no disruption to its Canadian operations, including Nova Scotia Power, and no impact on U.S. or Caribbean utilities.
The companies did not share technical details about the attack, however, experts speculate they have been targeted in a ransomware attack. In mid-May, the company disclosed a data breach after the April security incident and revealed that threat actors had stolen sensitive customer data.
Stolen Data
"While the investigation remains ongoing, we have determined that on or around March 19, 2025, certain customer information stored on the impacted servers was accessed and later taken by an unauthorized third party.” reads the update published by the company on May 14, 2025.
Notifications are in the process of being mailed to impacted account holders, which includes detailed information about resources and support. While we have no evidence of misuse of your personal information, as a precaution, arrangements have been made with the consumer reporting agency, TransUnion, to provide impacted individuals with a two-year subscription to a comprehensive credit monitoring service (TransUnion myTrueIdentity®) at no cost.
The Ransom Demand
The company warned customers about phishing scams impersonating the utility to steal data. In the update published on its website on May 23, Nova Scotia Power confirmed that it was hit by a “sophisticated ransomware attack”. "Today, we are confirming we have been the victim of a sophisticated ransomware attack.” reads the update.
"No payment has been made to the threat actor. This decision reflects our careful assessment of applicable sanctions laws and alignment with law enforcement guidance.”
No Payment Made to Ransom Actors
The company confirmed that threat actors had published the stolen data. Affected customers were notified and offered 2 years of free credit monitoring via TransUnion.
The company urges vigilance against suspicious messages or phishing attempts and is working with cybersecurity experts to assess the scope of the incident.
Despite the company’s claims, I haven’t been able to find Nova Scotia Power listed on any known dark web leak sites linked to ransomware groups.
This raises questions about the effectiveness of the company's response to the attack and its willingness to pay the ransom. The incident highlights the importance of cybersecurity measures for companies like Nova Scotia Power, which relies heavily on technology to provide essential services to its customers.