SecurityWeek

Mailing List Provider WordFly Scrambling to Recover Following Ransomware Attack

Mailing list provider WordFly has been offline for more than two weeks after ransomware encrypted data on some of its systems.

WordFly provides digital marketing for arts, culture, entertainment, and sports organizations, offering email and SMS marketing, forms, and surveys, among other options.

The ransomware attack crippled WordFly’s internal systems on July 10, and the company hasn’t been able to restore them since.

“At the present time, we are diligently working with our digital forensics experts to assist us with restoring the WordFly system. We cannot provide a firm timeline of when we expect operations to be fully restored,” WordFly noted in an incident FAQ.

The attack has disrupted all of the company’s services, except for those running on external resources, WordFly director Kirk Bentley said. Backup servers were also impacted in the attack.

Bentley also disclosed that the attackers were able to access and exfiltrate data from the company’s servers. The data theft was discovered on July 14, and the threat actor allegedly deleted the stolen data the next day.

“It is our understanding that as of the evening of July 15, 2022, that data has been deleted from the bad actor’s possession. We have no evidence to suggest, before the bad actor deleted the data, that the data was leaked over the dark web and/or sent to any other public facing domain/disseminated elsewhere,” WordFly said.

The exfiltrated data likely included names and email addresses, along with data that users imported into WordFly, that was collected through a form on WordFly, or that was transferred from TMS (the predecessor of WordFly). The attackers did not exfiltrate credit card information or login details, the company says.

Bentley, who referred to the stolen data as having a “generally non-sensitive and public nature”, also said that the company had no evidence that the information “has been, or will be, misused to perpetrate harm to the rights and liberties of our customers or their subscribers”.

WordFly also explained that, for all organizations, it retains data from the time they became customers, and for the purpose for which it was collected. “The exception being some larger and long-term customers who have worked with us over the years to archive historic data. For most customers, we don’t routinely archive or delete anything,” the company said.

The mailing list provider has been delivering daily status updates, with the most recent ones suggesting that it might take at least several more days for WordFly services to be restored. The company says it is still investigating the root cause of the attack.

In the meantime, the company’s customers have started to inform their users of the incident, including London-based Courtauld, Smithsonian’s National Zoo, Sydney Dance Company, and the Toronto Symphony Orchestra.

Other WordFly customers likely impacted include Cheltenham Festivals, Royal Shakespeare Company, Royal Opera House, Southbank Centre, and The Old Vic.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
