Cyber Incident Victim: Ganong Bros.
Date:
Feb 2025
Location:
Canada
Summary
Ganong Bros. experienced a ransomware cyber attack disrupting operations at its St. Stephen facility, though normal operations were later restored. The company implemented countermeasures upon discovery, including engaging cybersecurity experts and legal counsel for containment, remediation, and a forensic investigation to determine if personal information was compromised, promising notification if required. The PLAY ransomware group, linked to Russia, claimed responsibility on the dark web, posting screenshots of stolen internal communications and data, characteristic of attacks involving data theft and encryption for ransom demands.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 22, 2025, Ganong Bros. Ltd. in St. Stephen discovered an IT security incident. Upon discovery, the company immediately implemented countermeasures to protect its network and data. These actions included retaining third-party cybersecurity experts and external legal counsel. The external experts were tasked with assisting in containment, remediation, and conducting a forensic investigation to determine the extent of the incident. Operations at the company's St. Stephen facility were temporarily disrupted as a result of the attack. Ganong has since restored its operations to normal levels following the initial disruption and containment efforts. Claire Ryan, Ganong's Director of Public Relations, confirmed these details via email.
The cybersecurity firm RedPacket Security identified the incident as a ransomware attack linked to a group known as PLAY, which is believed to be based in Russia. RedPacket found evidence of the attack on a dark web site, including a screenshot purportedly showing internal communications and data stolen from Ganong. Ransomware attacks typically involve hackers stealing and encrypting a victim's data before demanding payment, often in cryptocurrency like Bitcoin, for decryption keys; the stolen data may also be sold to other criminal entities. Ganong's internal investigation remains ongoing to determine if any data, including personal information, was compromised during the breach. Should the investigation conclude that personal information was impacted, Ganong stated it will notify affected individuals directly in accordance with applicable privacy laws. Ryan did not disclose whether a ransom demand was received by Ganong or if any ransom payment was made.