A hit on Graff, a high-end jeweler, might have turned sour for a Russia-based ransomware gang. So much so, an official apology was due.
According to security researchers at DarkFeed, a darknet intelligence website, the Conti ransomware gang apologized for its recent hacking of Graff, a London-based multinational jeweler.
In late October, Conti published a sample database allegedly stolen from Graff. According to threat actors, the database had 69,000 confidential documents, customer lists, invoices, and credit notes.
The stolen data contained many familiar names: purchases by David Beckham and Donald Trump were made public to prove the leak contained actual data. The leak supposedly also included purchases made by Hollywood actors Tom Hanks, Samuel L. Jackson, and Alec Baldwin.
However, the hack ruffled some feathers, as a week later the group offered an apology. An announcement on the Conti group's website promised not to expose, and to delete, information on royal family members from Saudi Arabia, the UAE, and Qatar.
"Our team apologizes to His Royal Highness Prince Mohammed bin Salman and any other members of the Royal families whose names were mentioned in the public for any inconvenience," Conti wrote on their website.
The leak listed Saudi Crown Prince Mohammed bin Salman as a Graff client in Monaco, together with Sheikh Mohammed bin Rashid Al Maktoum, the ruler of Dubai. The prime minister of Bahrain, Salman bin Hamad Al Khalifa, and former prime minister of Qatar, Sheikh Bin Jabr Al Thani Hamad Bin Jassim, were also named in the leak.
While promising to protect the privacy of rulers from the Middle East, Conti promised to leak Graff data regarding EU, US, and UK citizens.
Conti started operating in late 2019, and it runs the Conti.News data leak site. The group gains initial access through stolen RDP credentials and phishing emails with malicious attachments.
Experts believe that Conti attacks resemble tactics seen in nation-state attacks. The group also tends to rely on human-operated attacks instead of the increasingly popular automated intrusions. Conti attempts to find a buyer for the data before it is posted on its leak site.
Ireland's HSE, Volkswagen Group, and several US cities, counties, and school districts have been affected by Conti. Conti has been observed to remain inside victims' networks for anywhere from a few days to several weeks before actually launching the ransomware.
The group is believed to be based in Russia's second-largest city, Saint Petersburg. It is also speculated that the people behind Conti used to be in charge of another prominent ransomware cartel, Ryuk.
The group has been particularly active recently, with the FBI and CISA issuing a warning over 400 Conti ransomware attacks aimed at stealing sensitive data.
As with many modern extortion gangs, Conti offers a Ransomware-as-a-Service (RaaS) package, providing its malware to affiliates. The core team takes 20-30% of a ransom payment, while the affiliates keep the rest of the loot.
Cyberattacks are increasing in scale, sophistication, and scope. The last 12 months were rife with major high-profile cyberattacks, such as the SolarWinds hack and the attacks against Colonial Pipeline, meat processing company JBS, and software firm Kaseya.
Gangs, however, either rebrand or form new groups. Most recently, LockBit 2.0 was the most active ransomware group with a whopping list of 203 victims in Q3 of 2021 alone.
An average data breach costs victims $4.24 million per incident, the highest in 17 years. By comparison, the average cost stood at $3.86 million per incident last year, putting the recent figure at a 10% increase.
Reports show that people most vulnerable to cybercrime tend to be adults over 75 and younger adults. Criminals were taking advantage of the uncertainty caused by the pandemic and the flood of new users to digital channels, who were especially susceptible to attack.