Culture shock: Ransomware gang sacks arts orgs' email lists
Don't worry, the crooks totally deleted the data and promised not to use it for evil
A ransomware gang has not only taken down WordFly, a mailing list provider for top arts organizations among others, but also siphoned data belonging to the US-based Smithsonian, Canada's Toronto Symphony Orchestra, and the Courtauld Institute of Art in London.
As of right now, WordFly's main website is unavailable, and has been offline for the past two weeks. "Please plan accordingly if you need to send email before Aug. 1," the firm advised on a separate site. WordFly is one of those companies that takes care of sending out mass emails, typically marketing messages, to customers who sign up for said bumf.
In an update about the ongoing outage, WordFly exec Kirk Bentley said the outfit's engineering team discovered a network disruption on July 10. "The incident was propagated by a bad actor who conducted a ransomware attack on WordFly, resulting in the encryption of the WordFly application," he wrote in a support note.
During said attack, miscreants stole customers' email addresses and "other data" used by those organizations to communicate with their fans via WordFly. "At this time, we believe that the exported data was not sensitive in nature and largely consisted of names and email addresses," Bentley added.
The security update said the criminals deleted the data on July 15 — if you're inclined to believe someone who just stole and encrypted your customers' information — and Bentley noted that there's "no evidence" that the information was publicly leaked or "has been, or will be misused."
Again, may we suggest a very large grain of salt.
The digital marketing firm also hired outside forensics experts and cybersecurity professionals to assist, and said as of now the "situation has been contained," while the investigation is ongoing. No word as to when WordFly will be back online, however.
Meanwhile, major arts and cultural organizations including Australia's Sydney Dance Company have since posted their own updates about the ransomware attack.
The Courtauld assured its fans that "visitors' financial data (including credit card details) were not compromised."
The Smithsonian, which runs 21 museums and the US National Zoo, and claims to be the world's largest museum, education and research complex, noted that some of its data, specifically its subscribers' email addresses and names, was stolen in the cyberattack.
However, it reiterated that WordFly believes "the information has been deleted and there will be no further misuse of this information."
"We want to reassure you that we use this service to facilitate email communication and we do not store any information in the system that is financial or sensitive that could have been exposed by this incident," the museum operator said, adding that it will continue to monitor the situation. "If we learn any additional information about the information that was exported or have any reason to believe the data has not been deleted by the attackers, we will update this notice."
In a similar alert, the Toronto Symphony Orchestra warned that personal information including names, email addresses, TSO patron ID and information about TSO accounts (such as donor level and demographic info collected via surveys) may have been compromised.
In the meantime, as WordFly's email service remains down, the orchestra has "temporarily partnered" with Mailchimp to send its communications to patrons. ®