Already in receivership, Nygard hit with ransomware that permanently compromised their IT system
Here’s a ransomware incident that left me wondering whether the attackers — who have not been identified — had researched their victim before attacking and establishing their ransom demands. Read the breach notice, below, published this month, and then a media report on the attack that appears after that.
WINNIPEG, MB, Jan. 15, 2021 /PRNewswire/ – On December 12, 2020 , a ransomware attack on the IT System serving Nygard entities in receivership (Nygard Receivership Companies) and which previously served other entities within the “Nygard group of companies”, was discovered. Immediately upon discovering the attack, cybersecurity professionals were engaged to assess and contain the breach. Certain actions implemented, upon instructions from the cybersecurity professionals, appear to have contained the further spread of the ransomware. While ongoing assessment work is proceeding, the full scope and impact of the attack has yet to be determined.
Out of an abundance of caution, Richter Advisory Group Inc., in its capacity as the Court-Appointed Receiver of Nygard Holdings (USA ) Limited, Nygard Inc., Fashion Ventures, Inc., Nygard NY Retail, LLC, 4093879 Canada Ltd., 4093887 Canada Ltd., Nygard International Partnership, Nygard Properties Ltd. and Nygard Enterprises Ltd., is issuing this statement to advise those individuals and parties that may have had dealings with Nygard Receivership Companies or other “Nygard-related” entities to monitor their information for any unusual activity, including, suspicious emails or other communications that claim to be from Nygard. If you have any doubt about the authenticity of an email you should contact Nygard at [email protected] (do not click on any hyperlinks in the email or click on “reply”) before acting.
You can read the full press release on PRNewswire
Caroline Barghout of CBC has a helpful recap of some of the history of Nygard’s financial woes and receivership. According to her reporting, the Nygard Group of companies owed $50 million to creditors when it was placed under receivership in March. Two properties remain to be sold off this month and next month, if the sales go through, athough Nygard had tried to block one, claiming that the creditor had been paid off. The receiver — and the court — disagreed and the sale is to go ahead in February. But in any event, this appeared to be a group of companies in financial straits.
They also had other problems:
Peter Nygard, who in court filings says he is a consultant for the Nygard Group and sole owner of Nygard Enterprises Ltd., has been indicted on nine charges in the U.S. for allegations he sexually assaulted women and girls over a 25-year period in Canada, the U.S. and the Bahamas.
Nygard remains in custody at the Headingley Correctional Centre awaiting extradition to the U.S. He will appear in bail court Jan 28.
So… does this firm strike anyone as a great target for a ransomware attack or expensive extortion demand?
On December 12, and as the press release above described, the IT system of Nygard in receivership was attacked with ransomware. The type of ransomware was not identified in the report, but CBC reports that:
The receiver said the attackers originally asked for a ransom of 99 bitcoins but increased it to 198 bitcoins to decrypt and recover the files.
At December 12, rates for BTC, that would have been about slightly less than USD $3.8 million.
“Payment of the ‘ransom payment’ was not considered by the receiver,” wrote Richter.
The receiver said despite its best efforts, the IT system has been permanently compromised as a result of the attack, and that it’s now focusing on restoring high-priority servers only. Richter said there are nearly 250 severs within the Nygard Group.
So already in receivership and struggling, now they have the expense of recovery from a ransomware attack and they know that they may not be able to restore all servers.
I wouldn’t expect the criminals to have a heart, but I also wouldn’t expect companies in receivership to be targets likely to pay. If the attackers knew the company was in receivership and thought they’d be likely to pay because of that — I’d love to understand their reasoning.