Cyber Incident Victim: Massy Distribution Jamaica
Date:
Sep 2022
Location:
Jamaica
Summary
Massy Distribution Jamaica experienced a ransomware attack that compromised its systems, discovered approximately two weeks prior to public confirmation. The company stated the incident was resolved through existing cybersecurity measures and business continuity protocols, restoring operations without affecting core Enterprise Resource Planning software. While specifics of the attack remained under investigation, the organization did not confirm whether customer data was breached or if ransom demands were met, nor did it involve government authorities in its response. This marked the second cybersecurity incident within the Massy Group in the same year, following an earlier attack that disrupted retail operations in another regional subsidiary.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Massy Distribution Jamaica, a major supplier of consumer and pharmaceutical goods, confirmed it experienced a ransomware attack discovered approximately two weeks prior to October 1, 2022, placing the incident around September 17. The company acknowledged the cyberattack in a public statement but declined to specify whether customer data was compromised or if ransom payments were made to attackers. Ransomware attacks typically involve hackers encrypting victims' data and demanding payment for decryption, with some threat actors additionally exfiltrating sensitive files to leverage for extortion. Massy's Marketing and Corporate Communications Manager Patria-Kaye Charles stated the incident "has been resolved," though technical experts continued investigating the specifics of the intrusion. The company emphasized its cybersecurity measures enabled timely identification and response but provided no details about the attack vector, duration of system compromise, or scope of data access by threat actors.
Massy reported its Enterprise Resource Planning software remained unaffected during the incident, allowing full operational resumption through robust business continuity protocols and shared expertise within the corporate group. No government authorities were engaged in the response, indicating internal handling of remediation. This marked the second cybersecurity incident affecting the Trinidad-based Massy Group in 2022, following an April 28 attack that forced the closure of Massy Stores in Trinidad and Tobago. The company avoided disclosing containment measures taken, forensic findings, or financial or reputational impacts stemming from the Jamaica incident. Restoration efforts prioritized maintaining supply chain operations for consumer and pharmaceutical goods, though the attack's effect on distribution timelines or internal communications was not quantified. Massy reiterated confidence in its cybersecurity risk mitigation strategies without elaborating on planned improvements post-incident.