Is Data More Valuable Than Jewels? The A-List Cyber Heist That’s Putting Ransomware Attacks On The Map

Cybercriminals don’t discriminate. It doesn’t matter how famous you are: if your information is vulnerable, they will exploit it. And that’s exactly what the infamous Russian hacking group, Conti, has managed to do in its latest high-profile ransomware attack on Graff, the London-based jeweller to the stars.

Wealthy, powerful and famous people such as David Beckham, Donald Trump and Oprah Winfrey are among Graff’s regular customers. Safe to say, they would not have expected their private data and information to be at risk following their purchases! With client lists, invoices, receipts, credit notes and details such as home addresses all at stake, public exposure could prove to be reputationally damaging and embarrassing for Graff’s celebrity clientele. The data could reveal evidence of gifts bought for secret lovers or jewellery accepted as bribes.

The hacking group is demanding tens of millions of pounds in ransom and has already published 1% of the data they are holding on the dark web. That equates to a whopping 69,000 records belonging to 11,000 of the diamond specialist’s A-list customers. Once on the dark web, the data could be used for further theft, extortion or blackmail by the terrorists and criminals that frequent it. Unfortunately for these celebrity victims, the consequences of the hack could potentially continue long after the initial ransomware attack is resolved.

How Did The Attack Happen?

For a Ransomware-as-a-Service attack to work, hackers first need to gain access to a target’s IT infrastructure and database in order to infect it with a virus. Typically, this requires a ‘back door’ entry that allows the hackers to avoid detection and bypass any anti-virus software or firewall that could prevent them from stealing the company’s data.

Whilst an investigation from the Information Commissioner’s Office (ICO) is ongoing, we suspect that one of Graff’s staff fell victim to a phishing email scam and unknowingly opened a file containing the sophisticated ransomware computer virus. Unfortunately, once that ransomware software was detected in the system, it was too late.

With its reputation and that of its wealthy customers on the line, Graff needed to react quickly. It managed to shut down its network as soon as the intrusive activity was detected by its security systems. According to a Graff spokesperson, the company has been working closely with the ICO and relevant law enforcement agencies to solve the issue, has already informed the individuals whose personal data was affected and has advised them on the appropriate steps to take.

Who Are Conti?

Conti, a Russian hacking group believed to be based near St Petersburg, was first spotted in May 2020. The group claims to have carried out over 150 successful extortion attacks in that year alone, making up to $20 million in revenue.

Conti distributes a modified version of the 'Ryuk' ransomware, which is used by affiliates of the 'Wizard Spider' group, offering ransomware as a service (RaaS). The human-operated, double-extortion ransomware moves quickly, stealing data and threatening to expose it as well as encrypting it, before most organisations have even noticed. Known for how fast it can deploy and encrypt data systems, Conti has been flagged by CISA, the FBI and the NSA in a joint Cyber Security Advisory warning organisations of the increase in ransomware attacks.

Why Are Ransomware Attacks On The Rise?

In the first half of 2021, the number of ransomware incidents doubled globally. Attacks involving data exfiltration and the leakage of victims’ data spanned 63 countries and 18 industries, with manufacturing being the most affected.

Cybercriminals are opportunistic. It’s clear that hackers are wising up to the potential profitability of ransomware attacks since they remain largely uncontested and highly profitable. In other words, malicious actors continue to make good money from these types of incidents. The Graff attack is a prime example of how much value is placed on private data, with huge ramifications for the privacy of the impacted clients. Due to the high-profile nature of the clients, including infamous figures such as Ghislaine Maxwell and the Saudi Crown Prince Mohammed bin Salman, the data is worth an incredible amount to other malicious groups.

Currently, ransomware is one of the biggest threats any organisation can face. The deployment speed, level of destruction, lasting reputational damage and extortionate cost of recovery render ransomware one of the most immediate dangers faced by the UK and beyond.

Our Solution?

When discussing how to tackle an attack from a sophisticated hacking group like Conti, the first step, of course, is to prevent it from happening in the first place.

User awareness and good cyber hygiene are key to ensuring an attacker cannot gain a foothold on a victim network. As mentioned earlier, the malware in the Graff attack was likely deployed via a malicious email attachment and a lack of staff awareness. Education and training, such as that offered here at CSA, are invaluable for detecting and preventing attacks such as these.

The best way for an organisation to prove that its defences would protect it if ransomware were deployed onto its IT systems and infrastructure, as in the Graff case, is to put them to the test. We offer several services, such as a Simulated Phishing Campaign and Ransomware Attack Simulation, to do just that!

Undertaken by our team of expert cyber professionals, our services test your IT defences and incident response capabilities by issuing a real-time, ‘benign’ ransomware attack or simulated phishing campaign. Deployed safely and under the visibility of your own team, our simulations will mimic an attack on your IT services and demonstrate what would happen to your IT systems if a real-life incident took place.

Following the simulation service, we will be able to assess where any vulnerabilities lie, should there be any, and make recommendations on corrective actions and solutions to help strengthen your IT defences for the future.

To find out more about our Simulated Phishing Campaign and Ransomware Attack Simulation Service and how we can help your business stay secure, get in touch!
