Goodwill of Greater Grand Rapids is currently investigating a cybersecurity breach that has disrupted its internal network and retail operations. While the organization is working with law enforcement to restore its systems, local stores remain open but are restricted to cash-only transactions for the time being.

The organization recently confirmed that a network disruption has impacted the way its local stores operate, specifically affecting the point-of-sale systems. Although an initial statement explicitly labeled the incident a ransomware attack, subsequent updates from the company have shifted to more general language. Despite the technical difficulties, retail locations remain open to the public, though customers must pay with cash until the digital infrastructure is fully recovered.

Internal staff members have emphasized that the shift to cash-only payments is a result of the system outage rather than a compromise of financial data, as the organization does not store credit card information. While the exact date of the breach remains unconfirmed, social media updates indicate that stores have been operating without digital payment options since mid-March. The recovery process is expected to take several days, and a definitive timeline for full restoration has not yet been established.

Because individual Goodwill regional organizations operate on independent networks, this specific security event is confined to the Greater Grand Rapids area. Other branches in different communities remain unaffected and continue to process transactions normally. Local leadership expressed gratitude to the community for their patience while IT teams and authorities work to resolve the technical issues.

Outside experts suggest that the prolonged nature of the outage and the need to rebuild the point-of-sale system from scratch are common indicators of a ransomware event. In such scenarios, attackers typically lock down a network and demand payment for its release, though there is never a guarantee that access will be returned. These experts note that even if systems are recovered, organizations must be wary of how data might be used in the future.

There is a concern that such breaches often involve remote access tools used by financially motivated groups. By gaining entry to the network, attackers may collect information on individuals associated with the organization to facilitate secondary efforts, such as targeted phishing campaigns. For now, Goodwill remains focused on the immediate task of securing its environment and returning to standard business operations.

Source: https://www.wzzm13.com/article/news/local/goodwill-of-greater-grand-rapids-ransomware-attack/69-5c4fe062-7a57-41cc-baaf-32256ab87ec6