Cyber Incident Victim: Jjmeds
Date:
Mar 2018
Location:
Canada
Summary
A Canadian medical marijuana delivery service experienced a cyberattack involving an extortion threat demanding payment to prevent customer data exposure. The attackers contacted the company via email, prompting immediate mitigation measures including taking the website offline, removing stored IDs, and engaging a security firm to eliminate malware and other compromises. Operations were suspended indefinitely pending security restoration, halting new orders and member benefits, though existing paid orders were prioritized for fulfillment. The company publicly denied involvement in any exit scam, emphasizing its commitment to customer privacy while acknowledging both the business and its clients as victims of the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 9, 2018, Canadian medical marijuana delivery service JJ Meds suffered a cyberattack involving an extortion threat. The attackers, operating via the email address [email protected], demanded payment to prevent the leakage of customer information. Upon discovery of the threat, JJ Meds leadership immediately took action to contain the incident. They shut down their website entirely to prevent further unauthorized access and removed all stored user IDs from their systems to limit exposure of customer credentials. The company engaged a cybersecurity firm to conduct forensic analysis, remove any implanted malware, and eliminate other unauthorized modifications to their web infrastructure. This response halted all new orders indefinitely until security could be verified, directly disrupting business operations and customer access to services.
The attack caused significant operational disruption, forcing JJ Meds to suspend its core sales functions while maintaining fulfillment of existing paid orders. Customers lost access to member benefits and loyalty programs due to the security measures implemented. JJ Meds publicly communicated the incident through the CanadianMOM online forum, emphasizing their victim status while assuring customers they would never intentionally harm them or execute an "exit scam." The company directed customer inquiries to [email protected] and provided a public image link to the extortion email as evidence of the threat. By prioritizing system isolation and malware eradication over maintaining revenue streams, JJ Meds demonstrated a containment-focused response strategy aimed at protecting customer data integrity. They committed to restoring services only after comprehensive security verification, though no specific timeline was provided for resuming normal operations.