
CMMC Incident Report: Ransomware Attack Recovery 2022


Incident Details

On December 27, 2022, Copper Mountain Mining Corporation experienced a significant ransomware attack that disrupted its IT systems and operations. This malicious cyber intrusion compromised critical assets, including servers and databases integral to the Company’s production and shipping processes. While the attack forced a temporary halt to operations, the Company demonstrated resilience by maintaining its shipping schedule from existing mine inventory to the Port of Vancouver. Following the incident, Copper Mountain took swift action to mitigate the damage, implementing risk management systems and protocols to safeguard against future threats. By January 1, operations at the primary crusher resumed, and the mill was back to full production by January 4, showcasing the Company’s commitment to recovery and stability amidst adversity. Throughout this challenging period, key environmental management systems remained operational, ensuring no environmental incidents or personnel injuries occurred. The ongoing collaboration between internal IT teams and external cybersecurity experts reflects the Company’s dedication to reinforcing its defenses and returning to full operational capacity in a secure manner.

Damage Assessment

  • The ransomware attack on December 27, 2022, temporarily halted operations at the Copper Mountain Mine, impacting production capabilities and operational efficiency.
  • Key assets affected included IT systems, which were locked by ransomware, preventing access to critical operational data and software.
  • While the environmental management systems remained operational, the primary crusher and mill were shut down preventively, delaying production resumption.
  • The organization faced significant operational disruptions, including:
    • Inability to process copper concentrate at full capacity.
    • Temporary loss of access to essential business systems, affecting data retrieval and decision-making.
    • Delayed customer inquiries and product shipping due to operational downtime.
  • Financially, the incident incurred direct costs related to recovery efforts, cybersecurity enhancements, and potential lost revenue from production delays, although specific figures were not disclosed.
  • Despite these challenges, the company maintained its planned shipping schedule by utilizing existing mine inventory, showcasing resilience during the incident.

How It Happened

The ransomware attack on Copper Mountain Mining Corporation likely occurred through the exploitation of vulnerabilities in its IT systems. Common methods for such attacks include phishing emails, which can deliver malicious software when users click on links or download attachments. Additionally, inadequate network security measures, such as outdated software or weak passwords, can provide entry points for attackers.

Once inside the network, the ransomware can spread rapidly, encrypting critical data and disrupting operations. The incident may also have leveraged a lack of proper backup protocols, making it difficult for the Company to recover without paying the ransom.

Post-incident analysis by internal and external cybersecurity teams will focus on identifying specific weaknesses and attack vectors used by the perpetrators. This will involve reviewing system logs, access records, and endpoint security alerts to gain insights into how the attack was executed and to enhance future defenses. By implementing stronger security protocols and employee training, Copper Mountain aims to mitigate the risk of similar incidents in the future.

Response

Upon detecting the ransomware attack, Copper Mountain Mining Corporation's initial response involved immediate actions to assess and contain the malware's impact on its IT systems. The Company promptly engaged both internal IT teams and external cybersecurity experts to identify the malware and evaluate the extent of the breach.

The triage process involved isolating affected systems to prevent the malware from spreading further, effectively severing connections to critical operational and business systems. Concurrently, the team performed a comprehensive analysis of the compromised systems to determine the nature of the attack and identify vulnerabilities.

Preventative measures, such as implementing enhanced security protocols and risk management systems, were initiated to safeguard against future incidents. Throughout this period, the Company maintained operational continuity in terms of shipping copper concentrate, ensuring minimal disruption to its scheduled activities. The focus remained on restoring the integrity of the IT infrastructure while prioritizing the safety and security of personnel and environmental management systems.

Key Takeaways

Understanding Vulnerabilities: The ransomware incident highlighted the importance of identifying and addressing vulnerabilities in systems and networks to prevent unauthorized access.

Regular Backups: Metal extractors should implement a robust backup strategy, ensuring data is backed up frequently and stored securely, enabling quick recovery in case of an attack.

Employee Training: Ongoing cybersecurity training for employees can significantly reduce the risk of human error, which often serves as the entry point for cyber threats.

Incident Response Plan: Developing a comprehensive incident response plan allows for a swift and organized reaction to potential threats, minimizing damage and downtime.

Access Controls: Enforcing strict access controls ensures that only authorized personnel can access sensitive information, reducing the risk of insider threats.

Monitoring and Threat Detection: Continuous monitoring for unusual activity can help detect potential breaches early, allowing for timely intervention.

Investing in Cybersecurity Services: Partnering with experts like HackersHub can provide tailored solutions, enhancing overall security posture and proactively mitigating risks, ensuring metal extractors stay ahead of evolving threats.
