Russia-based Conti gang has targeted a U.K.-based jewelry firm, Graff, in a ransomware attack. The hackers claim to have leaked 69,000 documents with critical information on the dark web

CISOMAG

The Conti gang, in yet another attack, has targeted the well-known U.K.-based luxury jewelry brand Graff. As per reports, the hackers have pillaged the personal details of the firm's well-heeled clients and sold part of the haul on the dark web.

The Russia-based Conti group, responsible for over 400 ransomware attacks recently, is again making headlines with its virtual heist at the Graff Jewellers firm. Personal details of billionaire tycoons, world leaders, politicians, and Hollywood A-listers who are clients of the firm have been stolen and partly published on the dark web to extort a ransom. The A-listers include Donald Trump, Oprah Winfrey, Tom Hanks, David Beckham, Formula One heiress Tamara Ecclestone, former footballer Frank Lampard, singer Tony Bennett, and Sir Philip Green.

The leaked data includes client lists, receipts, credit notes, and invoices, which could be exploited for personal or financial gain. The hackers claim to have leaked 69,000 documents with critical information on the dark web. They are also demanding millions of pounds in ransom in exchange for the unsold stolen data.

Catch-22

It isn’t an easy choice between giving in to the attackers’ demand and taking a stand against a criminal group.

Dan Halpin, Managing Director of Cybertrace, opines, “Non-payment of the ransom is a necessary global strategy for defeating ransomware gangs. Graff Jewelers will lose regardless of their decision, whether that be through ransom payment, loss of business records, or reputational damage. And then, of course, their clients may become collateral damage.”

It’s understandable that Graff Jewellers would choose to protect their clients and pay the ransom. However, this is counterproductive to global efforts and will only encourage ransomware gangs.

Halpin further added, “Graff Jewellers need to accept that there is no alternative but to work with authorities to collect all forensic data required to investigate and take down the gang. We have seen this strategy work with the recent takedown of the notorious ransomware gang REvil. The only situation the ransomware gangs fear and despise at the same time is non-payment and being investigated globally.”

Delving into the issue of giving in to the ransom demands, Steve Turner, Analyst, Security & Risk, Forrester, opined, “Organizations should put themselves in the best position possible by reducing the risk of exposure should something within their organization get compromised and where a breach doesn’t force their hand in terms of having to pay a ransom. Whether or not to pay a ransom is still a very grey area due to the state of security across all organizations big and small, but at some point, we will get to a position where that decision leans more towards no.”

Luxury brands, hospitality businesses, and other customer-facing services depend on their high-end client base, and a single compromise can at times lead to complete downtime or even the closure of the business. These firms may not themselves be high net worth, but their clients are billionaires whose data is sensitive. Their IT security budgets are not on par with other industry sectors where data and network security are prioritized. Critical infrastructure, public services, healthcare, and telecom are among the sectors most frequently targeted. But post-pandemic, there has been a visible trend of attacks moving to SMBs and end-user services such as restaurant chains, boutique shops, and small retailers.

Turner says, “Ransomware operators attack targets that have a higher likelihood to pay such as critical infrastructures such as Colonial Pipeline or folks that have a litany of extremely personal information such as healthcare and public media agencies. The threat to all these organizations, especially ones without significant information security resources, remains incredibly high. The lack of security hygiene has been thrust into the limelight, whether it be organizations not patching their systems to folks getting their credentials stolen via a phishing attack, but it’s really easy to throw stones and place blame when these organizations, big and small that haven’t been given guidance, assistance, and support (financial, regulatory, etc) they needed to implement the basics.”

Global Efforts

The menace of ransomware has become so pressing that constructive initiatives are being put into action globally. In September 2021, CISA and the FBI issued an alert on the increased use of Conti ransomware in over 400 attacks on U.S. and international organizations. The agencies’ joint advisory listed the technical details of the attacks and recommendations for safeguarding organizations’ systems against Conti.

Resilience and Recovery

Organizations globally are working on their security posture by creating awareness around data privacy and access. It has been asserted on numerous occasions that resiliency and recovery should be prioritized over everything else.

Turner said, “Every organization should be backing up their critical data and storing it offline, enforcing least privilege access across the board paired with multifactor authentication, and implementing comprehensive security monitoring that includes both detection and response. Longer term, moving to the model of zero trust helps provide a significant defense in depth strategy without breaking the bank. These recommendations give companies a significantly better chance of fending off or recovering from ransomware or any other devastating attacks. Even implementing one of these recommendations can make the difference between a company shutting down for a few weeks to recover versus a day or two to get back to an operational state.”

The 2021 Cyber Threat Report from SonicWall revealed that over 304.7 million ransomware attacks were reported across the globe in H1 2021. Various factors have led to the surge in ransomware attacks; however, victims’ willingness to pay to recover their compromised data has been the primary one. According to a recent survey from IDC, nearly 44% of organizations admitted that they would be willing to pay a ransom to restore their files and operations in the event of a ransomware attack. The survey also revealed that Australia (60%) and Singapore (49%) are the countries with the highest rates of ransom payment.

Source: https://cisomag.eccouncil.org/russia-linked-conti-ransomware-gang-pillages-jewellery-brand-graff/