FatFace Pays $2million Ransom To Cyber Criminals

Uploaded on 2021-04-07 in TECHNOLOGY--Hackers, FREE TO VIEW

British clothing retailer FatFace paid out a $2m ransom to restore its data following a January 2021 cyber attack by the criminal hacking group called Conti.  

The criminals initially demanded a ransom of 213 Bitcoins, about $8 million/£5.8 million, but agreed to lower the amount to $2 million after FatFace's negotiator explained that the firm's revenues had slumped over the past year due to lockdown restrictions. 

Conti finally agreed to a $2 million payment, saying that it didn't want to bankrupt the retailer.

Conti told FatFace that it had initially breached their network via a phishing attack on 10th January 2021. The gang used this compromise to gain admin rights and expand its reach through the network, as well as identifying the firm's Veeam backup servers and Nimble storage. The final attack occurred on 17th January, when the criminals were able to exfiltrate over 200GB of data from FatFace's systems before encrypting machines.

After receiving the ransom pay-out, Conti offered advice to the company's IT team about how they could strengthen security to prevent cyber attacks in future.

Advice included implementing email filtering, reviewing Active Directory password policy, conducting employee phishing tests, and investing in better endpoint detection and response technology. FatFace disclosed the security breach to customers in an email last week, informing them that some customer details - including names, email and postal and addresses, and limited credit card data - had been compromised in an attack on its systems.

The company asked customers to keep information about the data breach 'strictly private and confidential'. It also told customers that the delay in informing them occurred as they were working to identify the hackers behind the incident and to determine precisely what information was stolen.

Under the terms of the GDPR, companies must tell the ICO of a breach within 72 hours of becoming aware of it. If they decide there is a high risk to individuals' rights and freedoms, they also need to inform affected individuals 'without undue delay'.

FatFace confirmed the ransomware attack and they notified the ICO and law enforcement agencies about the incident. Almost 5,000 ransomware attacks hit British firms in 2019, with criminals collecting payments of nearly £210 million, the US cyber security firm Emsisoft said in a report last year. The company said that organisations are showing 'more willingness' to pay ransoms due to fears of public embarrassment, lost data and potential penalties from regulators (of course, paying a ransom to retrieve stolen data does not avoid fines for losing that data in the first place).

The 2020 CrowdStrike Global Security Attitude Survey revealed that almost 40% of UK organisations had been subject to ransomware attacks in the past 12 months, and 13 per cent of them had chosen to pay the ransom.

Some of the other key findings in the report is a growing fear of nation-state intrusions and ransomware attacks in the wake of COVID-19 outbreaks: 

  • 56% of organisations surveys reported a ransomware attack within the last 12 months.
  • 87% of respondents indicated that nation-state attacks are much more common than commonly supposed.
  • 73% say nation-state attacks are the single biggest threat to their organisations. 
  • 84% say they have accelerated their digital transformation efforts as a result of COVID-19, Potentially compounding their risk.
  • 45% stating that they have increased cloud rollouts to support employees working remotely. 

According to Crowdstrike, UK businesses paid an average ransom of £940,000 ($1.2 million) which is higher than the global average of $1.1 million.

Crowdstrike:     Information Commissoner:        Computer Weekly:         Computing

You Might Also Read: 

Ransomware Victim Travelex Folds:

 

« Twenty Cyber Security Startups To Watch
Half A Billion LinkedIn Members Found For Sale »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ACIS Professional Center

ACIS Professional Center

ACIS provides training and consulting services in the area of information technology, cybersecurity, IT Governance, IT Service management, information security and business continuity management.

Cyber Security Academy - University of Southampton

Cyber Security Academy - University of Southampton

An industry/University partnership established to advance cyber security through world class research, teaching excellence, industrial expertise and training capacity.

Cavirin

Cavirin

Cavirin’s Automated Risk Analysis Platform reduces risk and automates security and compliance.

ElcomSoft

ElcomSoft

ElcomSoft is a global leader in computer and mobile forensics, IT security and forensic data recovery.

Cryptovision

Cryptovision

Cryptovision GmbH is one of the leading specialists for modern, user-friendly cryptography and solutions for secure electronic identities.

Me Learning

Me Learning

Me Learning provides engaging, informative and clearly explained learning materials for complex and challenging professional environments in areas including GDPR and Information Governance.

CYSEC Academy

CYSEC Academy

CYSEC Academy offer cyber certifications, cyber assurance and cyber defense training, hands-on learning training modules, public, private and bespoke training courses.

Center for Research on Scientific & Technical Information (CERIST)

Center for Research on Scientific & Technical Information (CERIST)

CERIST is a scientific and technical research centre with activities focused in the area of networks, information systems and IT security.

Ledger

Ledger

Ledger is a leader in security and infrastructure solutions for cryptocurrencies and blockchain applications using its proprietary technology.

Pryv

Pryv

Pryv is a Swissmade software for privacy, personal data collection, usage, sharing and storage.

ProcessUnity

ProcessUnity

ProcessUnity is a leading provider of Third-Party Risk Management software, helping companies remediate risks posed by third-party service providers.

Cyber Defence Solutions (CDS)

Cyber Defence Solutions (CDS)

Cyber Defence Solutions is a cyber and privacy Consultancy with extensive experience in the development and implementation of cyber and data security solutions to your assets.

Sikich

Sikich

Sikich LLP is a leading professional services firm specializing in accounting, advisory, technology and managed services.

Secure Cyber Defense

Secure Cyber Defense

Secure Cyber Defense provides expert cybersecurity consulting and managed detection and response services to companies, local government, schools and universities.

Cyber Tzar

Cyber Tzar

Cyber Tzar is a new approach at dealing with an old problem; assessing and managing risks to your IT estate.

Intellinexus

Intellinexus

Intellinexus turns data into actionable insights to revolutionise decision-making in your business.