Secpo Strikes Again: Richmond Plywood Data Breach Reveals a Growing Ransomware Epidemic
A notorious ransomware group adds Richmond Plywood Corporation to its victim roster - exposing a troubling pattern of large-scale data thefts across industries.
In the shadowy world of ransomware, a new name has surfaced on the leak boards: Richmond Plywood Corporation Limited. The Canadian wood products manufacturer has become the latest victim of the Secpo ransomware group, whose brazen attacks are quickly cementing their reputation as a major threat to corporate security worldwide. The news comes as Secpo continues to publish troves of stolen data from a string of high-profile victims - underscoring an alarming escalation in both the scale and impact of cyber extortion.
The attack on Richmond Plywood is part of a troubling trend: ransomware crews like Secpo are increasingly targeting not just the digital “crown jewels” of companies, but also vast troves of day-to-day operational data. In this breach, over half a million files - ranging from business documents to sensitive personnel information - have been siphoned off and, according to leak site postings, are now in criminal hands. While the filtered dataset is 230GB in size, the full cache reportedly exceeds 1 terabyte, painting a picture of both depth and breadth in the data haul.
Richmond Plywood is not alone. In recent weeks, Secpo’s name has appeared alongside breaches at JM Bozeman Enterprises (over 100,000 unique files involving 4,000+ people and 4,500+ organizations), Indigo Group (nearly 900,000 unique files, impacting 27,000+ individuals and organizations), and Mike Brandner Law (489GB, 459,000+ files). The pattern is clear: no sector is immune, and the scale of exposure is staggering.
Technically, these attacks likely involved exploiting vulnerabilities in remote access systems or email servers - common vectors for ransomware deployment. Once inside, attackers exfiltrate as much data as possible before deploying encryption and issuing their ransom demands. The stolen files are then leveraged for double extortion: pay up, or risk public exposure of sensitive information.
Ransomware.live, a public site that tracks these disclosures, emphasizes that it only indexes information already made public by ransomware operators. Still, the existence of such platforms highlights the normalization of large-scale data exposure as a weapon - turning private company records into bargaining chips in a high-stakes digital shakedown.
As Secpo’s latest victim, Richmond Plywood now joins a growing list of organizations forced to grapple with the aftermath of data theft in the ransomware era. The question for businesses everywhere: Are you next, and will your digital defenses hold?
WIKICROOK
- Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
- Exfiltration: Exfiltration is the unauthorized transfer of sensitive data from a victim’s network to an external system controlled by attackers.
- Leak Site: A leak site is a website where cybercriminals post or threaten to post stolen data to pressure victims into paying a ransom.
- Double Extortion: Double extortion is a ransomware tactic where attackers both encrypt files and steal data, threatening to leak the data if the ransom isn’t paid.
- Remote Access Vulnerability: A remote access vulnerability is a weakness in a remote access system that lets unauthorized outsiders connect to a network, potentially allowing hackers to reach sensitive systems.