Toronto Zoo, the largest in Canada, has suffered a ransomware attack, the organization has confirmed, stating that everyday activities don’t seem to be disrupted, although a wider investigation is ongoing.
The organization was keen to stress that its animals are not impacted by the incident, and normal zoo operations continue. The website is also not impacted, and visitors can purchase tickets on the zoo’s website as usual.
But the company is still investigating to see if any other systems are impacted, and whether or not the attack will affect its guests, members, or donors. “We can confirm we do not currently store any credit card information,” the press release reads. “Once we have more information we will share it broadly.”
Missing key details
The Toronto Zoo also notified the City of Toronto’s Chief Information Security Office, and has retained a thirdparty cybersecurity expert to resolve the situation. The Toronto Police Services have also been notified.
Unfortunately, there are many details missing from the announcement. We don’t know who the threat actors are, or how they managed to infiltrate the Zoo’s IT infrastructure. We also don’t know if they managed to steal any sensitive information, and if so how much, and from whom.
Finally, we don’t know what their demands are, and if their plan is to release the data on the dark web any time soon. We have asked the Zoo’s media representatives for further clarification and will update the article accordingly.
Ransomware operators usually do two things: steal sensitive data, and encrypt the endpoints. Then, they ask for money in cryptocurrency in exchange for the decryption key, and for keeping the stolen data private. Most cybersecurity experts and law enforcement agencies agree that victims should not pay the ransom demand.