Celebrities’ personal data leaked following ransomware attack on jewellery giant Graff

A group of cybercriminals who targeted the exclusive jewellery firm Graff with a ransomware attack has now uploaded the personal details of a number of Hollywood A-listers and billionaire tycoons to the Dark Web.

Headquartered in London, Graff was founded in 1960 by British jeweller Laurence Graff and now boasts more than 50 retail shops around the world, including shops in New York, Las Vegas, Melbourne, Monte Carlo, Courchevel, Kiev, Beijing, and Taipei.

Last week, the Mail reported that the cybercriminals behind the ransomware attack on Graff leaked personal files of the jewellery giant’s high-profile clients, including those related to former US President Donald Trump, Oprah Winfrey, David Beckham, Sir Philip Green, and several Arab royals.

The files published by the hackers on the Dark Web contained details like client lists, invoices, receipts, and credit details of the firm’s customers. These details could prove to be embarrassing to some who may have bought gifts for secret lovers or taken jewellery as a bribe.

International superstars whose data featured in the leak included Hollywood actors Tom Hanks, Samuel L Jackson, Alec Baldwin, and singer Tony Bennett. Multiple addresses for US chat show queen Oprah Winfrey and Donald and Melania Trump were also published by the hackers.

The notorious Russian hacking gang Conti is believed to be behind this attack. The group has reportedly claimed that the 11,000 files it initially leaked are just 1% of the data it stole from Graff. It has also threatened to publish the rest of the data if the jewellery firm fails to pay the ransom demand. There is, however, no information about how much ransom has been demanded from the jewellery firm.

“Regrettably we, in common with a number of other businesses, have recently been the target of a sophisticated – though limited – cyber-attack by professional and determined criminals. We were alerted to their intrusive activity by our security systems, allowing us to react swiftly and shut down our network. We notified, and have been working with, the relevant law enforcement agencies and the ICO,” said a Graff spokesperson.

“We have informed those individuals whose personal data was affected and have advised them on the appropriate steps to take.”

According to Shlomie Liberow, Principal Security Architect at HackerOne, the cyber attack targeting Graff and the subsequent release of personal information of celebrities on the Dark Web shows that even celebrities aren’t invulnerable to the threats posed by a digitally insecure supplier.

“Instead of targeting just one person or one organization, with a single hit on a luxury supplier, the group has been able to access thousands of high profile and valuable customer details. There’s an additional revenue source for the group too in that since the customers are so high profile, they are able to demand a ransom for the information,” he said.

Javvad Malik, a lead security awareness advocate at KnowBe4, says that this appears to be a targeted attack against high net value individuals. While it may be true that a great deal of personal information may not have been exposed, it can all still be useful to criminals. “On their own, they may be inert, but combined together, can be devastating. All victims whose data has been affected should be notified in a timely manner,” he said.

Conti has been behind some of the most notorious ransomware attacks in the recent past. Earlier this year, Exagrid was forced to cough up a ransom of $2.6 million in Bitcoin after hackers used the Conti ransomware to encrypt the company’s servers and exfiltrate as much as 800GB of data, including the personal data of clients and employees.

After encrypting the company’s servers, the hackers contacted the company to inform it about the hack, claimed they had encrypted file servers and SQL servers and downloaded up to 800GB of data, and demanded that the company pay $7,480,000 as ransom to obtain the decryptor.

Copyright Lyonsdown Limited 2021
