Digital marketing platform WordFly has been down for over two weeks. The breach affected clients such as the Smithsonian and Toronto Symphony Orchestra.
WordFly, a Seattle-based marketing platform used by arts, entertainment, culture, and sports firms, is living through a cyber nightmare.
The company has been unable to resume operations for 17 days since hackers breached the firm on 10 July. WordFly provides its users with mailing list services, data monitoring, and other digital marketing services.
“The incident was propagated by a bad actor who conducted a ransomware attack on WordFly, resulting in the encryption of the WordFly application,” Kirk Bentley, head of Business Development at WordFly, said in a statement.
To make matters worse, four days after the attack, the company learned that the attackers exported email addresses and other data customers use to communicate with their subscribers using WordFly’s services.
Bentley explained that the threat actors deleted the data on 15 July, hinting that the company might have agreed to pay the ransom.
Ransomware gangs often use double extortion, a two-pronged approach of locking companies out of their own files while also threatening to auction off this data to the public if the ransom isn’t paid. If the ransom demands are met, threat actors promise to delete the data they’ve stolen.
“We have no evidence to suggest, before the bad actor deleted the data, that the data was leaked or disseminated elsewhere. We also have no evidence to suggest that any of this information has been, or will be, misused,” Bentley said.
However, even if the company paid the ransom to the hackers, it has not managed to restore operations so far. Moreover, prominent company clients had to inform their own customers that their data was likely stolen.
For example, Smithsonian’s National Zoo and Conservation Biology Institute released a statement confirming that its user data was lost because a company the institute used to send email communications experienced a ransomware attack.
“We want to reassure you that we use this service to facilitate email communication and we do not store any information in the system that is financial or sensitive that could have been exposed by this incident,” the institute’s statement read.
Meanwhile, another WordFly client, the Toronto Symphony Orchestra, said the organization had no indications its data was leaked during the attack. It added that even if the perpetrators behind the attack did get access to the data, no financial or payment data was compromised.
“Personal information potentially impacted includes your name, email address, TSO Patron ID, and information about your TSO account. It may also include personal information certain patrons have volunteered to the TSO when responding to a survey, such as demographic information and opinions on the TSO,” the organization’s statement said.
The number of ransomware attacks grew last quarter compared to the beginning of the year. Digital Shadows counted 705 victims, 21% more than in previous months. Ivan Righi, a Senior Cyber Threat Intelligence Analyst at Digital Shadows, thinks we’ll only see more attacks as the year progresses.
“[…] activity is likely to continue increasing until the end of the year. The rise in activity was primarily attributed to smaller ransomware groups having a higher activity level than usual, which is another trend likely to continue due to the recent closure of some large ransomware groups,” Righi said.
The smaller groups that excelled in thievery most last quarter were Alphv, with a 118% increase in the number of victims, and Vice Society, whom researchers credit with 100% growth.
According to Digital Shadows, new groups that emerged last quarter include Black Basta, Mindware, Cheers, RansomHouse, Industrial Spy, Yanluowang, Onyx, NOKOYAWA, and DarkAngels. Black Basta is credited as the most successful newcomer.
Threat actors primarily focused on the industrial goods and services sector, followed by the technology sector and the construction and materials sector. Companies in the United States continue to be the primary focus of ransomware gangs, with around 39% of total victims in the US.