Cybercriminals don’t discriminate. It doesn’t matter how famous you are: if your information is exposed, they will exploit it. That is exactly what the Russian ransomware group Conti has done in its latest high-profile attack, on London-based jeweller to the stars Graff.
Wealthy, powerful and famous people such as David Beckham, Donald Trump and Oprah Winfrey are among Graff’s regular customers. Safe to say, they would not have expected their private data to be at risk following their purchases. With client lists, invoices, receipts, credit notes and details such as home addresses at stake, public exposure could prove reputationally damaging and embarrassing for Graff’s celebrity clientele: the data could reveal gifts bought for secret lovers or jewellery accepted as bribes.
The group is demanding tens of millions of pounds in ransom and has already published 1% of the data it holds on the dark web. That 1% alone amounts to 69,000 records belonging to 11,000 of the diamond specialist’s A-list customers. Once on the dark web, the data can be reused for further theft, extortion or blackmail by the other criminals who frequent it. Unfortunately for these celebrity victims, the consequences of the breach could continue long after the initial ransomware incident is resolved.
How Did The Attack Happen?
For a ransomware attack to work, the operators (or, in a Ransomware-as-a-Service model, the affiliates who rent the malware) first need access to the target’s IT infrastructure and data. Typically that means an initial foothold such as a phishing email, stolen credentials or an exposed remote-access service, followed by privilege escalation and lateral movement, all while staying below the threshold at which anti-virus, endpoint detection or firewall alerting would fire. The goal is to copy the company’s data out before the encryptor is ever launched, because the stolen data is what gives the extortion its leverage.
Whilst an investigation by the Information Commissioner’s Office (ICO) is ongoing, we suspect that one of Graff’s staff fell victim to a phishing email and unknowingly opened a file containing the sophisticated ransomware. Unfortunately, by the time the ransomware was detected in the system, it was too late.
With its reputation and that of its wealthy customers on the line, Graff needed to react quickly. It shut down its network as soon as the intrusive activity was detected by its security systems. According to a Graff spokesperson, the company has been working closely with the ICO and the relevant law enforcement agencies, has informed the individuals whose personal data was affected and has advised them on the appropriate steps to take.
Who Are Conti?
Believed to be based near St Petersburg, Conti was first observed in May 2020 and claims to have carried out over 150 successful extortion attacks in that year alone, making up to $20 million in revenue.
Conti is believed to be a modified successor of the ‘Ryuk’ ransomware, operated by the ‘Wizard Spider’ group and offered to affiliates as ransomware as a service (RaaS). It is human-operated, double-extortion ransomware: the operators steal data and threaten to publish it, then encrypt it, often before the organisation has noticed the intrusion at all. Known for how fast it deploys and encrypts data, Conti has been the subject of a joint Cybersecurity Advisory from CISA, the FBI and the NSA warning organisations of the increase in attacks.
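Because the encryption stage is so fast, signature-based anti-virus is usually too late; what a defender can catch is the behaviour itself, a single process rewriting many files with near-random content in a short window. The block below is an added example for this article (not code from the original page and not derived from any Conti sample) showing that heuristic run over constructed endpoint file-event log lines. The `timestamp|process|action|path|entropy` log format, the process names and the thresholds are assumptions made here for illustration; real EDR telemetry will differ and thresholds need calibrating against your own baseline.

```python
"""
Burst detector for ransomware-style file activity, run over endpoint
file-event log lines. Added example for this article; it is not code
from the original page and not derived from any Conti sample. The
log format, field names, process names and thresholds are assumptions.
"""
from __future__ import annotations

import math
from collections import Counter, defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class FileEvent:
    ts: datetime
    process: str
    action: str      # "write" or "rename"
    path: str
    entropy: float   # Shannon entropy (bits/byte) of the data written; 0.0 for renames


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of `data`. Plain text sits around 4-5, office files
    around 5-7, well-encrypted or compressed output close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_log(text: str) -> list[FileEvent]:
    """Parse 'timestamp|process|action|path|entropy' lines (assumed format)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, proc, action, path, ent = line.split("|")
        events.append(FileEvent(datetime.fromisoformat(ts), proc, action, path, float(ent)))
    return events


# Tunable thresholds (assumptions; calibrate against your own baseline).
HIGH_ENTROPY = 7.5              # AES output measures close to 8.0 bits/byte
WINDOW = timedelta(seconds=60)
MIN_FILES = 20                  # distinct files per process per window


def detect_bursts(events, window=WINDOW, min_files=MIN_FILES, high_entropy=HIGH_ENTROPY):
    """Return {process: (first_ts, peak_distinct_files)} for every process that
    wrote high-entropy content to at least `min_files` distinct files within
    any sliding `window`. One large archive or a single encrypted backup does
    not trip this; a fast encryptor walking a document tree does."""
    recent = defaultdict(deque)   # process -> deque[(ts, path)] inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action != "write" or ev.entropy < high_entropy:
            continue
        q = recent[ev.process]
        q.append((ev.ts, ev.path))
        while q and ev.ts - q[0][0] > window:
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= min_files:
            first_ts, peak = alerts.get(ev.process, (q[0][0], 0))
            alerts[ev.process] = (first_ts, max(peak, distinct))
    return alerts


# Constructed sample log (not real Graff or Conti telemetry): routine activity,
# one legitimate high-entropy backup write, then a process that rewrites 25
# documents with near-random content inside 25 seconds.
SAMPLE_LOG = "\n".join(
    [
        "2021-10-25T09:00:01|winword.exe|write|C:\\Users\\alice\\Documents\\invoice.docx|4.9",
        "2021-10-25T09:00:05|explorer.exe|rename|C:\\Users\\alice\\Desktop\\notes.txt|0.0",
        "2021-10-25T09:05:00|backup.exe|write|D:\\backup\\archive.zip|7.9",
    ]
    + [
        f"2021-10-25T09:12:{i:02d}|svchost_.exe|write|C:\\Users\\alice\\Documents\\file{i}.docx|7.99"
        for i in range(25)
    ]
)


if __name__ == "__main__":
    for proc, (first_ts, n) in detect_bursts(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT {proc}: {n} high-entropy file writes starting {first_ts.isoformat()}")
```

On the constructed log only `svchost_.exe` is flagged: Word’s low-entropy save and the single high-entropy backup write both stay below the thresholds. Note the caveat this example makes obvious: in a double-extortion intrusion the data has already been copied out by the time any encryptor runs, so a detector like this limits the damage of the final stage but does not address the phishing foothold or the lateral movement that came before it; those need mail filtering, identity and network telemetry of their own.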
Why Are Ransomware Attacks On The Rise?
In the first half of 2021, the number of ransomware incidents doubled globally. Attacks involving data exfiltration and the leakage of victims’ data spanned 63 countries and 18 industries, with manufacturing being the most affected.
Cybercriminals are opportunistic, and ransomware remains highly profitable and largely uncontested, so malicious actors continue to make good money from it. The Graff attack is a prime example of how much value is placed on private data, with serious consequences for the privacy of the affected clients. Given the high-profile nature of the clientele, reportedly including Ghislaine Maxwell and the Saudi Crown Prince Mohammed bin Salman, the data is worth a great deal to other malicious groups.
Ransomware is currently one of the biggest threats any organisation can face. Its deployment speed, the level of destruction, the lasting reputational damage and the cost of recovery make it one of the most immediate dangers faced by the UK and beyond.
When discussing how to tackle an attack from a sophisticated group like Conti, the first step, of course, is to prevent it from happening in the first place.
User awareness and good cyber hygiene are key to ensuring an attacker cannot gain a foothold on a network. As mentioned earlier, the malware in the Graff attack was likely delivered via a malicious email attachment that staff were not trained to recognise. Education and training, like what we offer here at CSA, is invaluable for spotting and stopping attacks such as these. Awareness should sit alongside technical controls, such as multi-factor authentication, patched and restricted remote access, least-privilege accounts and tested offline backups, because even well-trained staff will occasionally click, and the controls are what limit the damage when they do.
The best way for an organisation to prove its defences would hold up if ransomware like that used against Graff were deployed onto its systems is to put them to the test. We offer several services, such as a Simulated Phishing Campaign and a Ransomware Attack Simulation, to do just that.
Undertaken by our team of expert cyber professionals, these services test your IT defences and incident response capabilities by running a real-time ‘benign’ ransomware attack or a simulated phishing campaign. Deployed safely and with full visibility for your own team, the simulations mimic an attack on your IT services and demonstrate what would happen if a real incident took place.
Following the simulation, we assess where any weaknesses lie and recommend corrective actions and solutions to strengthen your IT defences for the future.
To find out more about our Simulated Phishing Campaign and Ransomware Attack Simulation Service and how we can help your business stay secure, get in touch!