SecurityWeek

Mailing List Provider WordFly Scrambling to Recover Following Ransomware Attack

Mailing list provider WordFly has been offline for more than two weeks after ransomware encrypted data on some of its systems.

WordFly provides digital marketing for arts, culture, entertainment, and sports organizations, offering email and SMS marketing, forms, and surveys, among other options.

The ransomware attack crippled WordFly’s internal systems on July 10, and the company hasn’t been able to restore them since.

“At the present time, we are diligently working with our digital forensics experts to assist us with restoring the WordFly system. We cannot provide a firm timeline of when we expect operations to be fully restored,” WordFly noted in an incident FAQ.

The attack has disrupted all of the company’s services, except for those running on external resources, WordFly director Kirk Bentley said. Backup servers were also impacted in the attack.

Bentley also disclosed that the attackers were able to access and exfiltrate data from the company’s servers. The data theft was discovered on July 14, and the threat actor allegedly deleted the stolen data the next day.

“It is our understanding that as of the evening of July 15, 2022, that data has been deleted from the bad actor’s possession. We have no evidence to suggest, before the bad actor deleted the data, that the data was leaked over the dark web and/or sent to any other public facing domain/disseminated elsewhere,” WordFly said.

The exfiltrated data likely included names and email addresses, along with data that users imported into WordFly, that was collected through a form on WordFly, or that was transferred from TMS (the predecessor of WordFly). The attackers did not exfiltrate credit card information or login details, the company says.

Bentley, who referred to the stolen data as having a “generally non-sensitive and public nature”, also said that the company had no evidence that the information “has been, or will be, misused to perpetrate harm to the rights and liberties of our customers or their subscribers”.

WordFly also explained that, for all organizations, it retains data from the time they became customers, for the purpose for which it was collected. “The exception being some larger and long-term customers who have worked with us over the years to archive historic data. For most customers, we don’t routinely archive or delete anything,” the company said.

The mailing list provider has been delivering daily status updates, with the most recent ones suggesting that it might take at least several more days for WordFly services to be restored. The company says it is still investigating the root cause of the attack.

In the meantime, the company’s customers have started to inform their users of the incident, including London-based Courtauld, Smithsonian’s National Zoo, Sydney Dance Company, and the Toronto Symphony Orchestra.

Other WordFly customers likely impacted include Cheltenham Festivals, Royal Shakespeare Company, Royal Opera House, Southbank Centre, and The Old Vic.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
