Graff ransomware attack exposes tycoon and celebrity PIIs

Graff, a luxury, London-based jewellery firm has been hit with a ransomware attack by the hands of the infamous Conti gang, leaking the PII data of over 11,000 customers onto the dark web, including high-profile figures like the Saudi Crown Prince Mohammed bin Salman, Donald Trump and Oprah Winfrey. 

Reportedly, Conti operatives have managed to gain access to client information from Graff’s computer systems and have leaked over 69,000 files containing the PIIs information of up to 11,000 customers. The threat group claims this is only one percent of the total haul of data they’ve managed to steal in the cyber attack against Graff. 

The hackers are apparently demanding tens of millions of pounds in cryptocurrency from the firm to cease any further leaks. 

Graff stated on their main site that “in common with a number of other businesses”, they have “recently been the target of a sophisticated – though limited – cyber attack by professional and determined criminals”.  However, the firm stated they “reacted swiftly to shut down [their] network and directly informed those individuals whose personal data was affected, advising them on appropriate steps to take”.  

Apparently, due to “robust back-up facilities, no data was lost” and that they were “able to rebuild and restart” their systems and continue operations. The company also stated “all our shops and ecommerce platform were unaffected and continued to operate without interruption”.  

Graff has “notified the Information Commissioner’s Office”, which ICO further confirmed in an email to IT Pro, and continues “to work with law enforcement agencies”. 

Scope of data breach 

Reportedly, the leaked files include: 

• Client lists.  
• Credit details. 
• Invoices and receipts,  

These PIIs could be further utilised by threat actors to perform increasingly sophisticated phishing attacks to gain even more sensitive information as well as commit fraud.  

This information could also be used for other attack vectors like blackmail and extortion if any clients have been caught buying gifts for secret lovers in affairs or secretly taken jewellery as either bribes or just simply from controversial figures. 

The attack is currently believed to have been delivered via phishing methods, where a malicious link in an email was clicked on by an employee, compromising Graff’s systems and network and exposing hundreds of customers’ PIIs. “This latest attack starkly shows how the smallest actions can have the largest consequences,” said Oz Alashe, CEO of CybSafe, a cybersecurity and data analytics company. 

Victims 

In total, it’s believed 11,000 of Graff’s customer base is affected, with 600 being UK nationals. The number of victims from this cyber attack stretch worldwide and most of them are part of rather elite circles.  

Reportedly, those affected by the leaked data includes personalities like: 

• Hollywood icons Samuel L Jackson, Tom Hanks and Alec Baldwin. 
• Famous talk-show host, actress Oprah Winfrey. 
• David Beckham. 
• Sir Philip Green. 
• Frank Lampard.  
• Tony Bennett. 
• Ghislaine Maxwell, currently awaiting trial for her part in the Jeffrey Epstein case.  
• Tamara Ecclestone, the Formula One heiress. 
• Former US President, Donald Trump, and his wife Melania. 
• Bahraini Prime Minister, Salman bin Hamad Al Khalifa. 
• UAE Prime Minister, Sheikh Mohammed bin Rashid Al Maktoum. 
• Saudi Crown Prince Mohammed bin Salman. 

With so many of those affected being from elite circles, some speculate what impacts this could have on cybersecurity policy world-wide as well as if Conti may have bitten off more than it can chew with targeting so many influential figures. 

Victims are advised to: 

• Be wary of any suspicious emails, as they could be phishing attempts. 
• Not click on links and attachments unless expecting them. 
• If facing blackmail or extortion at the hands of threat actors, contact the police instead of complying with demands. 

It’s important to note that there is no guarantee that giving into cybercriminals’ demands and paying ransoms will stop them from leaking data or prevent them from coming back for more. 

Surge in ransomware attacks 

In recent months there has been a huge spike in ransomware attacks atop of the already unprecedented number of attacks that have happened in 2021, with 500 million ransomware attempts recorded so far.  

Recently, Olympus, a Japanese technology manufacturer, suffered a ransomware attack in September, affecting its systems and business operations in Europe, the Middle East and Africa (EMEA). Then, within weeks, they were hit with another cyber attack in October taking down their systems in North and South America. 

In May, the US Colonial Pipeline was hit by a giant ransomware attack by the Dark Side threat group, crippling fuel delivery across southeastern states. Then, in July, Florida-based IT firm Kaseya was hit in a supply chain attack by REvil that impacted more than 200 businesses across 17 countries after threat actors deployed ransomware and hijacked their widely-used software. 

Both Dark Side and REvil have been linked to Russia. 

Conti, which are also linked to Russia, have played no small part in this wave of cyber attacks, being previously responsible for the ransomware attack against Sandhills Global, a US publications and hosting company, leading to many sites from various client companies being taken offline. They were also recently in the news for threatening to post victim’s data if any of their chatroom ‘negotiations’ with them were leaked to the media. 

Their latest attack on Graff further cements their status as a threat group to watch out for. The fact that their massive hack of Graff depended on an employee clicking on a malicious link in an email shows that once again small, often thoughtless mistakes have very big consequences in the world of cybersecurity. 

With just 52 percent of employees trained to resist phishing attacks and only 31 percent found to have been trained to deflect ransomware attacks specifically, companies risk neglecting cybersecurity best practices and the means to defend themselves against the biggest and most common threats and attack vectors for their business and customers.