Two weeks after suffering a cyber attack, Indigo Books and Music has acknowledged it was hit by ransomware and employee data was compromised.
“On February 8, 2023, Indigo experienced a ransomware attack,” the company says in an updated FAQ on its website. “Through our investigation we learned there is no reason to believe customer data has been improperly accessed, but that some employee data was.”
“We are notifying all affected employees,” the site says. “We have also notified and are co-operating with law enforcement.
“Since this incident, we have been working with third-party experts to strengthen our cybersecurity practices, enhance data security measures and review our existing controls.”
UPDATE: According to the Toronto Star, employees were sent an email on Feb. 23 detailing what information was copied by the attacker. It includes employees’ email address, phone number, birth date, home address, postal code, social insurance number and banking information such as employee direct deposit information, including the name of the financial institution, bank account number and branch number.
The data was taken between  Jan. 16 and Feb. 8.
No ransomware group has taken responsibility for the attack as yet, according to a threat researcher for a cybersecurity company.
The company has been able to restore online sales of books — but not other items it sells.
“Books are back,” Indigo trumpeted on its website, saying thousands of titles are available. However, shoppers can only browse for lifestyle products. These will have to be bought in stores across the country.
Indigo is still in the process of remediation. The website says it is the “temporary online home,” suggesting that a new website is being built.
According to a report released today by Fortinet that looks at cyber incidents in the second half of 2022, ransomware volume around the world increased 16 per cent from the first half of last year.
Out of a total of 99 observed ransomware families, the top five families accounted for roughly 37 per cent of all ransomware activity during the second half of 2022, it said.
GandCrab, a ransomware-as-a-service malware that emerged in 2018, was at the top of the list. Although the criminals behind GandCrab announced that they were retiring after making over $2 billion in profits, the report says, there were many iterations of GandCrab during its active time. “It is possible that the long-tail legacy of this criminal group is still perpetuating, or the code has simply been built upon, changed, and re-released.”
In an IBM report, also released today, that looked at incidents the company was called on for help across all of 2022, researchers said incidents of ransomware dropped last year compared to 2021. However, deploying ransomware was the second most common action after a threat actor was able to breach security controls. Installing a back door was number one. Back doors lead to the distribution of malware, including ransomware, to further everything from credential theft through data theft and data destruction.
Alarmingly, IBM said there was a four per cent reduction in the average time for the deployment of ransomware attacks in 2022 compared to the previous year. To put that in perspective, what took attackers over two months in 2019 took just under four days in 2021.
