Hacking group Conti attacks jewellery firm Graff and releases some data

Russian hacking group Conti has accessed client information from jewellery firm Graff and released the data of about 11,000 of Graff’s clients on the dark web, the Daily Mail reported.
London-based Graff, a well-known jewellery shop for celebrities and high-net-worth individuals, does not reveal its IT budget or cyber security partners.

The cyber criminals have leaked 69,000 documents on the dark web, including files relating to Donald Trump, Oprah Winfrey, David Beckham, Sir Philip Green, Formula One heiress Tamara Ecclestone, former footballer Frank Lampard, Hollywood actors Tom Hanks, Samuel L Jackson and Alec Baldwin, and singer Tony Bennett, among others.

They are demanding tens of millions of pounds in ransom money to stop the release of further sensitive information.

Documents including client lists, invoices, receipts and credit notes have been taken, and could prove embarrassing for customers who may, for example, have bought gifts for secret lovers or taken jewellery as bribes.

Cyber experts believe the extortionists will demand payment either in an untraceable cyber currency such as Bitcoin – or even in jewels.

Conti, which is believed to be based near St Petersburg, released the first cache of customer information earlier this month on the dark web.

The Information Commissioner’s Office (ICO), which can impose multi-million pound fines on companies that fail to keep customers’ data secure, said it was investigating the breach.

London-based Graff said it had informed those whose personal data may have been accessed.

Cyber experts said it was most likely that the hackers gained access to Graff’s files by sending an email which duped a member of staff into opening a file containing a sophisticated ransomware computer virus.

This would have given the hackers a back door to steal the company’s data, bypassing any anti-virus software or firewall.

Conti is also known for threatening to disclose attacks to the victims’ clients, partners and other parties. Conti and other ransomware groups usually define the ransom depending on the size of the company and its revenue. Conti’s ransom demands start very high, about ten per cent of the victim’s annual revenues.

A spokesman for the ICO, which can impose fines of up to four per cent of company turnover, said: “We have received a report from Graff Diamonds Ltd regarding a ransomware attack. We will be contacting the organisation to make further enquiries in relation to the information that has been provided.”

A spokesperson for Graff, which according to its latest accounts had revenues of £450 million in 2019, said: “Regrettably we, in common with a number of other businesses, have recently been the target of a sophisticated – though limited – cyber attack by professional and determined criminals.”

“We were alerted to their intrusive activity by our security systems, allowing us to react swiftly and shut down our network. We notified, and have been working with, the relevant law enforcement agencies and the ICO.”
