Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Mailing List Provider WordFly Scrambling to Recover Following Ransomware Attack

Mailing list provider WordFly has been offline for more than two weeks after ransomware encrypted data on some of its systems.

WordFly provides digital marketing for arts, culture, entertainment, and sports organizations, offering email and SMS marketing, forms, and surveys, among other options.

Mailing list provider WordFly has been offline for more than two weeks after ransomware encrypted data on some of its systems.

WordFly provides digital marketing for arts, culture, entertainment, and sports organizations, offering email and SMS marketing, forms, and surveys, among other options.

The ransomware attack crippled WordFly’s internal systems on July 10, and the company hasn’t been able to restore them since.

“At the present time, we are diligently working with our digital forensics experts to assist us with restoring the WordFly system. We cannot provide a firm timeline of when we expect operations to be fully restored,” WordFly noted in an incident FAQ.

The attack has disrupted all of the company’s services, except for those running on external resources, WordFly director Kirk Bentley said. Backup servers were also impacted in the attack.

Bentley also disclosed that the attackers were able to access and exfiltrate data from the company’s servers. The data theft was discovered on July 14, and the threat actor allegedly deleted the stolen data the next day.

“It is our understanding that as of the evening of July 15, 2022, that data has been deleted from the bad actor’s possession. We have no evidence to suggest, before the bad actor deleted the data, that the data was leaked over the dark web and/or sent to any other public facing domain/disseminated elsewhere,” WordFly said.

The exfiltrated data likely included names and email addresses, along with data that users imported into WordFly, which was collected in a form on WordFly, or which was transferred from TMS (the predecessor of WordFly). The attackers did not exfiltrate credit card information or login details, the company says.

Advertisement. Scroll to continue reading.

Bentley, who referred to the stolen data as having a “generally non-sensitive and public nature”, also said that the company had no evidence that the information “has been, or will be, misused to perpetrate harm to the rights and liberties of our customers or their subscribers”.

WordFly also explained that, for all organizations, it keeps data since they became customers, and for the purpose it has been collected for. “The exception being some larger and long-term customers who have worked with us over the years to archive historic data. For most customers, we don’t routinely archive or delete anything,” the company said.

The mailing list provider has been delivering daily status updates, with the most recent ones suggesting that it might take at least several more days for WordFly services to be restored. The company says it is still investigating the root cause of the attack.

In the meantime, the company’s customers have started to inform their users of the incident, including London-based Courtauld, Smithsonian’s National Zoo, Sydney Dance Company, and the Toronto Symphony Orchestra.

Other WordFly customers likely impacted include Cheltenham Festivals, Royal Shakespeare Company, Royal Opera House, Southbank Centre, and The Old Vic.

Related: Black Basta Ransomware Becomes Major Threat in Two Months

Related: It Doesn’t Pay to Pay: Study Finds Eighty Percent of Ransomware Victims Attacked Again

Related: Cyberattack Causes Disruptions at Car Rental Giant Sixt

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider Horizon3.ai.

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

More People On The Move

Expert Insights