Oregon-based Jewett-Cameron Company, a provider of fencing, specialty wood, gardening products, and accessories for dogs like kennels and crates, has disclosed that it was the target of a recent cyberattack. The company, which revealed the intrusion in an SEC filing, stated that it first detected unauthorized access to its IT environment on October 15. An ongoing investigation has since confirmed that hackers deployed “encryption and monitoring software” across its corporate IT systems, indicating a sophisticated attack that has led to immediate operational difficulties.
The attack has caused significant disruptions, preventing the company from accessing several business applications crucial for both its operations and corporate functions. However, Jewett-Cameron believes it has successfully contained the intrusion and is now focused on restoring the compromised systems. Crucially, the company has found no evidence to suggest that the personal information of employees, customers, vendors, or suppliers has been compromised in the incident, offering some assurance to its stakeholders.
Despite containing the breach, the investigation determined that the hackers successfully exfiltrated data. This stolen information included “images of video meetings and computer screens” that may contain sensitive company data. More specifically, the company stated that the exfiltrated data “primarily relates to IT related information and financial information” that it was actively compiling to prepare for its upcoming Annual Report on Form 10-K, which is expected to be filed in mid-November.
The incident appears to be a double-extortion ransomware attack, where files are encrypted and data is stolen to pressure the victim into paying a ransom. Jewett-Cameron confirmed that the threat actors have indeed threatened to publicly release the stolen information unless their demands are met. The identity of the ransomware group responsible for the attack remains unclear, as the company has not yet been publicly named on any known threat actor leak sites.
Jewett-Cameron anticipates that the costs associated with responding to and mitigating the incident will be covered by its existing cybersecurity insurance policy. While this coverage will help manage direct expenses, the company acknowledged that the ongoing disruptions to its business operations and corporate functions may still result in a “material impact” on its performance. The firm continues to work with investigators to fully understand the scope of the breach and restore its full business functionality.
Reference:
