Cyber Incident Victim: Massy Group
Date:
Sep 2022
Location:
Jamaica
Summary
Massy Distribution Jamaica suffered a ransomware attack where hackers encrypted data and may have copied sensitive files. The incident, discovered recently, has been resolved with the company stating its systems and Enterprise Resource Planning software remained unaffected and operations are fully resumed. It remains unclear if customer data was breached or if any ransom was paid, as the company used its internal cybersecurity and business continuity measures without involving authorities. This marks the second cyber incident for the Massy Group in the current year, after a previous attack forced the closure of Massy Stores in Trinidad and Tobago.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Massy Distribution Jamaica, a major supplier of consumer and pharmaceutical goods in Jamaica, experienced a ransomware attack that was discovered approximately two weeks prior to the public statement issued on October 1, 2022. The company's technical experts identified the incident, which involved hackers encrypting systems and potentially exfiltrating data, a common tactic in such attacks where perpetrators demand payment for decryption keys and threaten to publish stolen information. Upon discovery, Massy's response was guided by its internal cybersecurity risk mitigation protocols and business continuity plans. The company stated that its investigation into the specifics of the attack was ongoing, and it deliberately declined to answer detailed questions from The Gleaner regarding whether customer data was specifically breached or if any ransom payment was made to the attackers. Despite the intrusion, Massy asserted that its Enterprise Resource Planning (ERP) software and core systems remained unaffected throughout the incident. The company credited its "robust business continuity measures" and the ability to leverage shared expertise across the wider Massy Group for the safe and quick restoration of all affected operations. By the time of the statement, the company confirmed that all its activity had returned to full resumption, and the incident was characterized as resolved. Notably, Massy confirmed it had not involved any Jamaican government authorities in its response to the cybersecurity issue, handling the matter internally through its own technical and management teams.
This incident marked the second cyberattack to affect a member of the Trinidad-based Massy Group within the same year, highlighting a recurring security challenge for the conglomerate. The previous attack had forced the closure of Massy Stores in Trinidad and Tobago on April 28. For the Jamaican distribution arm, the primary impact was operational disruption during the investigation and recovery period, though the company maintained that its critical ERP systems were never compromised, suggesting the attack may have targeted other, perhaps less central, operational or administrative systems. The company's public communication emphasized confidence in its pre-existing security frameworks, claiming these efforts enabled the timely identification and response that prevented greater damage. The decision not to engage law enforcement or government cybersecurity agencies was a significant detail, indicating a preference for private resolution, which is not uncommon in ransomware cases but can limit official forensic analysis. While the immediate operational crisis was declared over, the unresolved questions about data exfiltration left open the potential for longer-term consequences related to privacy breaches or regulatory scrutiny, should any sensitive customer or partner information have been copied before systems were secured. The incident underscored the persistent threat of ransomware to large regional businesses, even those with established continuity plans.