The Graff cyberattack — why you could be next

Jeweller Graff’s clients have had their details stolen. Chris Stokel-Walker on the latest online threat

Oprah Winfrey, Donald and Melania Trump, and David and Victoria Beckham are said to be among those whose data has been posted after a ransomware attack on Graff
The Times

The personal details of celebrity clients of the exclusive jewellery company Graff have been stolen by a ransomware gang that is holding tens of thousands of documents hostage. But how do such attacks happen, what’s in it for the perpetrators and what can any of us do to try to avoid falling victim?

What happened?

About 11,000 of Graff’s clientele have had their confidential data leaked online by the hacking group Conti, which is believed to operate out of Russia and has previously hit hospitals and government agencies worldwide. Among those whose data is said to have been published are Oprah Winfrey, Donald Trump, David and Victoria Beckham, Alec Baldwin, Sir Philip Green, Samuel L Jackson and Frank Lampard.

All are customers of Graff, which was founded in 1960 by the jeweller Laurence Graff. The company claims that the “vast majority” of its clients have not been affected by any personal data loss. Most of the information released to date, a Graff spokeswoman told The Times, is names alone — and in “some limited cases” their home address.

The data was obtained through a ransomware attack, an increasingly common and pernicious form of hack in which the attackers copy a victim’s information, encrypt it so the victim can no longer use it, and then demand money to restore access. “In recent years there has been a huge rise in ransomware and a morphing of such attacks,” says Jessica Barker, the co-chief executive of cybersecurity company Cygenta and author of Confident Cyber Security.

The Graff boutique in New York
CRAIG WARGA/GETTY IMAGES

What is a ransomware attack?

Ransomware is a particularly terrifying form of malicious software — or “malware” — that encrypts your data with a key that only the hackers hold. To unlock your data, you’re asked to pay a ransom.

Payment is usually demanded in bitcoin, the decentralised cryptocurrency, because a bitcoin payment is irreversible and only pseudonymous: the money is harder to seize and the recipient harder to identify than with a bank transfer, so the hackers are more likely to get away with their crime. The average ransom demanded by hackers is just below $150,000, according to the online threat analysis company Webroot.

The malware can end up on an infected machine in a variety of different ways, says Alan Woodward, a cybersecurity professor at the University of Surrey. While it’s not known how Graff fell victim to the attack, it’s likely that it was through a single human error.

“I imagine it’ll be the classic way that these ransomware attacks get in,” he says. “Somebody will have been sent a phishing email with either a dodgy bit of software on it, or a link to a dodgy bit of software that then infects their machine with ransomware.”

What is different about this attack?

The first generation of attacks would simply hold the data hostage and delete it if the ransom went unpaid. Now criminal enterprises, including Conti, try to eke out extra money by releasing snippets of data and demanding more payment not to share more information. That’s vital for companies such as Graff, which rely on discretion with their customers’ information. “With high-profile and powerful clientele, this will be especially concerning as the trust of their clients will be so valuable to them,” Barker says.

This double-extortion method is increasingly common. The Maze gang pioneered it in late 2019 by publishing data from victims who refused to pay, and in June 2020 the REvil ransomware group went a step further, auctioning off data it had stolen from a Canadian agricultural firm.

Even the mere threat of data being released publicly has caused some organisations to pay up. Last year the University of Utah was hit with an attack from a gang called the Maze cartel. It paid $457,000 rather than have its student data made available to all and sundry.

How common are such attacks?

Alarmingly common. One analysis estimates a ransomware attack occurs every 11 seconds. Graff admitted the inevitability of falling victim when it announced the issue publicly, saying: “Regrettably we, in common with a number of other businesses, have recently been the target of a sophisticated — though limited — cyberattack.’’

Where do the hackers come from?

Most ransomware gangs are based in eastern Europe, with Russia and Ukraine the two key hubs for the criminal enterprise. Interpol-coordinated investigations into other high-profile gangs have concentrated on Ukraine. “Law enforcement has become very adept at actually identifying who’s behind it, so while they can’t solve every individual case, they can spot the patterns and the intelligence picture has become clearer as to who is behind it,” Woodward says.

What do we know about these specific hackers?

The group is believed to have connections to St Petersburg and has operated a website on the dark web from which it has posted about its double-extortion ransomware attacks since the middle of 2020.

According to Luca Mella, a malware researcher at the University of Bologna, Conti is now the most prolific ransomware group in the world, overtaking REvil, the previous record-holders, last month.

How can I avoid ransomware attacks if I work at a business?

Ransomware has become so pervasive that it’s often a case of when, not if, you’ll find your files locked up. But Woodward has some simple advice for avoiding the criminals for as long as you can. “It comes down to the ABC: assume nothing, believe no one, check everything,” he says. “If you get emails that you don’t expect, if they look dodgy, don’t open the links.”

“No email is so important you need to act immediately,” says Victoria Baines, a former Europol officer focused on cybercrime.

For businesses, it’s possible to limit the impact of any human error in opening emails hiding ransomware with some simple security settings, such as limiting who can run macros — mini programmes embedded in Office documents — which are often used as the initial vector for ransomware. Typical settings allow only macros that are digitally signed by a trusted publisher, and block macros outright in documents that arrived from the internet or as email attachments.

“Having up-to-date anti-virus software is a good start,” Baines says. “Those big companies do keep on top of the latest ransomware variants, and if you’ve got anti-virus software, you don’t have to be aware of all the different vectors and variants.”

How can I avoid my data being caught up in ransomware attacks as an individual?

This is far trickier, because it relies on other people — and other companies — keeping your data under wraps. Don’t re-use passwords across different platforms, because if someone obtains your password from one compromised service, they can try that same username and password against every other service you use, a technique known as credential stuffing. A password manager makes it practical to hold a different password for each account.

“As consumers, we must call on the organisations we share data with to have a positive and proactive approach to cybersecurity,” Barker says. “When our personal data is stolen from a company we have shared it with, we need to be even more vigilant when it comes to cybersecurity.”

Should I pay up if attacked?

This is literally the million-dollar question, as Graff has reportedly been asked to pay millions of pounds to stop any further embarrassing leaks of customer data by the hackers. “They’re criminals,” Woodward says. “Can you trust them?”