A Southern Ontario charity that offers family services is urging clients not to respond to emails threatening to release personal information after the agency was hit by ransomware last month.
Social Enterprise for Canada (SEC) says despite the fact that its systems were encrypted by the attackers, so far there is no evidence data was copied, so the threat is empty.
In an interview this morning, SEC chief executive Patricia Cousins said the Toronto-area agency only has general information on clients and no information that would be considered highly confidential.
The attack started November 23rd, she said, when some of the servers supporting SEC’s email and IT systems were encrypted. It escalated December 1st when attackers emailed some clients saying the agency had been compromised and threatening to release their personal information unless they clicked on a link.
Fortunately, she said, thanks to help from technicians at Check Point Software, access to the servers was restored quickly.
“We haven’t found any data was copied, which we’re quite relieved about. We’ve asked Check Point to do the best search they can, but on the first scan it looks very positive that we didn’t have a data loss. We did, however, have our email compromised.”
Security experts say that threat actors can do a lot of damage by having only names and email messages of people by sending messages with spam, particularly if they can convince victims to click on a link from what they believe is a trusted source.
“That’s why we put the press release out,” Cousins said. “We want people to be aware this has happened to us and to be cautious.”
Cousins couldn’t immediately recall the strain of the ransomware, but has been told it was “highly sophisticated.”
SEC is still investigating the cause of the attack, Cousins said, but she suspects one of the agency’s full or part-time staff clicked on a link in an email.
“In the weeks preceding the attack we got an awful lot of phishing email. We’ve seen a lot of spoofed email that looks like internal [messages], so we’ve been trying to educate our team to watch out.”
The agency is “tiny,” she said, with about 40 full-time and 20 part-time staff. “We were surprised that we would have been targeted,” she said, “but I guess it doesn’t matter”
Social Enterprise for Canada is a charitable agency serving families, children, and newcomers in Toronto and the surrounding regions of York, Peel, Durham, and Simcoe with a range of services. That includes local, provincial and federally-funded programs such as day-care, early parenting advice and helping newcomers settle in the region. It serves up to 15,000 individuals a year.