Skip to main content

Ransomware victim disclosure

All victims

CanTalk Canada

listed as CANTALK, Canadian translation services - Leak · Claimed by Ragnarlocker · listed 3 years ago

39m
Age
since listed · data leaked

Status timeline

  1. ListedApr 25, 2023
  2. Data leakeddate unknown

At a glance

Status
Data leaked
Country
Canada
Listed on leak site
Apr 25, 2023

About the victim

AI dossier — public-source company profile

CanTalk Canada is a Canadian language services provider offering over-the-phone interpretation, translation, and cultural support in 200+ languages and dialects, including French Canadian and Indigenous languages. The company serves businesses, not-for-profits, and government agencies across Canada and the U.S. with integrated call centre, on-site, and remote language solutions available 24/7/365.

Industry
Language Services & Translation
Employees
51-200

Attack summary

Severity: high — Data has been published (disclosed status: data_published) by a known ransomware group. CanTalk serves healthcare, government, immigration/refugee, and legal sectors, meaning exfiltrated data likely includes sensitive client communications and potentially regulated PII across multiple vulnerable populations.

Ragnar Locker claims a data-published attack against CanTalk Canada, indicating data has been exfiltrated and disclosed; no specific ransom amount or data volume was stated in the available leak post.

high

Data the group says was taken

AI dossier — extracted from the leak post
  • Client records
  • Call centre data
  • Multilingual service logs
  • Employee information
  • Government agency communications
  • Healthcare language service records
  • Immigration and refugee service records
  • Legal language service records
  • Business contact data

Sources

Source

Indexed 3 years ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About Ragnarlocker

**Overview:** Ragnarlocker is a financially motivated ransomware operation that emerged in April 2020, conducting targeted attacks against enterprise organizations across multiple sectors with a focus on maximizing profit through encryption and data theft extortion tactics. **Origin & Affiliation:** The group's country of origin remains unclear based on publicly available intelligence, though they operate as an independent ransomware family rather than offering Ransomware-as-a-Service capabilities to other criminal actors. **Attack Methodology:** Ragnarlocker operators typically gain initial access through compromised Remote Desktop Protocol credentials, phishing campaigns, and exploitation of public-facing applications, subsequently deploying their custom ransomware payload that employs strong encryption algorithms. The group practices double extortion tactics, exfiltrating sensitive data before encryption and threatening to publish stolen information on dedicated leak sites if ransom demands are not met, often targeting network shares and attempting to delete shadow copies to prevent recovery. **Notable Campaigns:** The group has successfully compromised 128 documented victims across multiple countries, with significant targeting of critical infrastructure sectors including energy, finance, and telecommunications organizations, though specific high-profile incidents and ransom amounts have not been widely disclosed in public threat intelligence reports. **Current Status:** Based on available public reporting, Ragnarlocker remains an active threat as of recent security advisories, continuing to target organizations primarily in the United States and Europe. The group has been linked to 128 public disclosures across our corpus. First observed on a leak site on April 1, 2020; most recent post October 11, 2023. The operation is currently inactive.

Also tracked as: Ragnar Locker.

Timeline of this disclosure

  • April 25, 2023CANTALK, Canadian translation services - Leak listed by Ragnarlockeron the group's public leak site

Sector and geography

This disclosure adds to ransomware activity in the Business Services sector, which has 3,796 disclosures indexed across all operators we track. Geographically, CANTALK, Canadian translation services - Leak is reported in Canada, a country with 1,055 ransomware disclosures in our corpus.

If your organisation is affected

A listing by Ragnarlocker means CANTALK, Canadian translation services - Leak appeared on a ransomware extortion site and data attributed to it has been published. If this is your organisation, or a supplier you depend on, the priority is to confirm the intrusion and contain it before the window to act closes.

  • Engage your incident-response team and preserve forensic evidence before remediating — do not wipe affected systems first.
  • Force a password reset and revoke active sessions for exposed accounts; rotate any credentials, API keys or certificates that may have been in the stolen data.
  • Assess regulatory notification duties (GDPR, NIS2, sector regulators) — many carry a 72-hour reporting clock from awareness.
  • Report the incident to your national CERT, CCCS (Canada), as required for your jurisdiction.
  • Monitor for the data appearing on Ragnarlocker's leak site and across paste and breach channels, and brief downstream partners who may be exposed through you.

How we know this. Darkfield monitors public ransomware leak sites continuously, archiving every new disclosure and the data later released against the victim. Each entry on this page is sourced from the operator's own publication and cross-checked against complementary OSINT feeds (RansomLook, ransomware.live, RansomWatch). We do not collect or host stolen data — only the metadata, timestamps and screenshots needed to make the public disclosure searchable and accountable. Records here are corrected when the original post is edited, retracted, or merged with another disclosure.