Oregon-based Jewett-Cameron Company, a manufacturer of fencing, kennels, and specialty wood products, has confirmed that it was the victim of a double-extortion ransomware attack on October 15, 2025, in an incident that disrupted operations and exposed sensitive corporate data. The attackers infiltrated the company’s IT network, deploying encryption and monitoring software, which temporarily halted key business functions and prevented access to core systems.

According to an internal memorandum from company leadership, the attackers not only encrypted systems but also stole sensitive data, including financial information intended for an upcoming SEC filing and even images captured from internal video meetings. The stolen material is now being leveraged in a classic double-extortion scheme, with the attackers demanding a ransom to prevent public release of the data.

While Jewett-Cameron reports that its cybersecurity insurance is expected to cover the costs of incident response and system recovery, the company acknowledges that the attack has caused significant operational disruptions that could have a material impact on business performance and regulatory timelines. Specifically, the company warns that the downtime could delay its Form 10-K filing and affect investor confidence if sensitive financial data is leaked prematurely.

The company’s initial investigation indicates that while the breach affected corporate IT systems, no personal information belonging to employees, customers, or suppliers appears to have been compromised. This limits the potential exposure of third-party data but does not diminish the strategic and reputational risks of the event.

Jewett-Cameron has engaged external cybersecurity counsel and forensic specialists to contain the breach, investigate the attack, and restore operations. The company has since contained the intrusion and is working to rebuild systems while evaluating whether to comply with the ransom demand — a complex decision balancing reputational risk, investor relations, and the ethical implications of paying threat actors.

The ransomware group behind the attack remains unidentified publicly, but their tactics — combining data encryption with exfiltration and public pressure — align with the growing trend of double-extortion operations that target small and mid-sized manufacturing and supply chain organizations.

This incident underscores the escalating risks facing manufacturers and public companies that handle sensitive financial disclosures. The attack on Jewett-Cameron highlights the intersection of operational technology (OT) and corporate IT vulnerabilities, and the increasing tendency for threat actors to weaponize stolen financial data to pressure organizations into ransom payments.

As of now, Jewett-Cameron maintains that the intrusion is contained, and system restoration is underway. However, the company warns that even with insurance coverage, the broader consequences — including market volatility, regulatory scrutiny, and reputational damage — could be felt long after the systems come back online.

#JewettCameron #Ransomware #Cyberattack #DoubleExtortion #DataBreach #Oregon #ManufacturingSecurity #CyberExtortion #IncidentResponse #CISO #CyberInsurance #OperationalDisruption #DataExfiltration #SEC #Form10K #CyberThreat #BusinessRisk #CyberForensics #EncryptionAttack #SupplyChainSecurity #InformationSecurity #RansomDemand #CyberResilience