Clothes retailer FatFace has reportedly paid a $2 million ransom to ransomware criminals who accessed their network earlier in the year.
FatFace had earlier made headlines when, in the immediate aftermath of the cyber intrusion, they emailed customers potentially affected by the attack detailing what had happened, but had also warned those customers that the information in the email was “strictly confidential”.
Whether this was an attempt by FatFace to keep details about the data breach from being reported on isn’t all that clear; but for future reference, this isn’t the sort of thing you can just ask people not to talk about in the hope that it doesn’t make its way onto the technology newspapers and blogs.
The ransomware attack on FatFace was a standard attack, apparently using a targeted phishing attack to trick an employee into handing over login credentials allowing the crooks to access the retailer’s network. The crooks – reportedly part of the Conti ransomware gang – then used this access to dig further into the network and deploy ransomware.
The ransomware attack was a two-pronged attack, as it now a standard affair against businesses and enterprises. First the crooks stole sensitive company information (including information on customers) from FatFace. Then they encrypted the files on the company network, before demanding a ransom. The theft of company and customer data affords the crooks an added advantage and can allow them to raise their ransom amount. After all, a company may have good back-ups of their data to restore from, and as such may not feel the need to pay-out based solely on their own files being encrypted.
But an embarrassing data leak, that’s more likely to get a company reaching for their wallet.
And so ensued negotiations between FatFace and the Conti ransomware gang, some of which was uncovered by Computer Weekly’s French sister site LeMagIT, below.
It has been reported that a ransom of $2 million was eventually agreed between the two parties, meaning Conti have netted another multimillion dollar reward for their illegal activities.
And of course it’s another warning to organisations everywhere. Ransomware gangs aren’t going anywhere. Why would they when they’re getting such lucrative paydays?
Sponsored Content. Continued below...
If you’re a FatFace customer… then some of your personal data may have been leaked online, including names, address, email address and some redacted credit card information. So be especially wary of targeting phishing scams where crooks may try and contact you using this information to make their scams more convincing. If you get a suspicious phone call or email asking you to click links, open email attachments, provide personal information… don’t do it.
It wasn’t all bad news for FatFace though. They apparently received some sound cybersecurity advice… from the cybercrooks, who advised a number of security improvements (including employee phishing tests, penetration testing, password reviews and software recommendations) as they closed the negotiation talks. So at least there’s that…
As always, educate yourself and your employees how ransomware attacks work, use good cybersecurity software, protect your customer data and always have current back-ups available, preferably stored somewhere where cyber-crooks can’t get their hands on them!