Ontario Non-Profit Warning Clients After Ransomware Attack
Exploit: Ransomware
Company: Social Enterprise for Canada (SEC)
Industry: Non-Profit, Family Services
Source: https://financialpost.com/technology/ontario-family-agency-hit-by-ransomware-says-no-data-was-stolen
Social Enterprise for Canada (SEC), a Southern Ontario family services charity, has warned members and clients not to respond to emails threatening to release their personal information unless they click on a link. Threat actors began sending the emails after victimizing the agency with a ransomware attack.
Although the company has admitted the attack encrypted their systems, officials stated that there is no evidence of the data being copied, leaving the threat empty. The agency also mentioned that all data on their clients is general information that would not be classified as highly confidential.
While the agency considers itself “tiny,” with 40 full-time and 20 part-time staff members and around 15,000 people served per year, the available data is still deemed appealing for cybercriminals. Even with the most basic information (names and email addresses), social engineering attacks can be deployed against members. “In the weeks preceding the attack, we got an awful lot of phishing emails. We’ve seen a lot of spoofed email that looks like internal [messages], so we’ve been trying to educate our team to watch out.”
SEC’s clients are being cautioned to be on the lookout for spam containing malicious links or further spoofed emails requesting information/action.
An investigation on the incident is underway, but the agency believes a staff member may have clicked on a malicious link in an email.
Protect Your Business Against Modern Cyber Threats
More than ever, organizations of all sizes have been facing a historical rise in cyber attacks and data breaches. Talk to a cyber security expert today and find out how we can provide expert consulting and a portfolio of Cyber Security solutions designed to protect your organization against today’s most prevalent threats.