Cyber Incident Victim: Community Care of St. Catharines and Thorold
Date: Jun 2017
Location: Canada
Summary
A ransomware attack encrypted the computer systems of Community Care of St. Catharines and Thorold, rendering devices unusable and displaying demands for a $3,000 Bitcoin payment to restore access. The non-profit organization refused to pay the ransom and instead engaged technical support to wipe affected systems and restore operations from backups. While client data remained secure in cloud storage, the incident caused over a week of operational disruption during recovery efforts. Full system functionality was eventually regained after approximately seven days, with only data created since the last backup cycle being permanently lost. The attack highlighted critical cybersecurity vulnerabilities despite successful data recovery protocols.
Description
On June 28, 2017, at 11:26 p.m., the NW4 ransomware virus infected the servers of Community Care of St. Catharines and Thorold, a local food bank and nonprofit organization. Staff discovered the attack upon arriving at work the following morning, June 29, when all computers became inoperable. Every workstation displayed a ransomware message indicating file encryption and demanding a $3,000 Bitcoin payment for decryption keys. The organization immediately declined to pay the ransom. Technical support personnel were contacted and recommended wiping affected systems while restoring operations from backup data. Restoration efforts required nearly one week to complete, with full system access gradually reinstated during that period. Data loss was confined to information created between the time of the last backup and the attack.

The cyberattack caused operational disruption lasting over seven days, paralyzing computer-dependent workflows. Client records remained secure throughout the incident due to cloud-based storage solutions separating them from compromised local systems. CEO Betty-Lou Souter publicly confirmed the ransomware's impact while emphasizing heightened cybersecurity awareness as a critical organizational priority following the event. No forensic details regarding initial infection vectors were disclosed, as investigators couldn't determine how the ransomware infiltrated the network. The incident underscored operational vulnerabilities to digital threats despite successful data recovery through existing backup protocols. Souter characterized the experience as a cautionary example of cyber intrusions being easy to initiate but difficult to contain once underway.
