Data on countless celebrities, politicians and heads of state appear to be in the hands of ransomware actors after a group using the Conti variant compromised a high-end jeweler over the weekend.
London-based Graff, which sells diamond jewelry to the super-rich, confirmed the news in a statement sent to Sky News.
“Regrettably we, in common with a number of other businesses, have recently been the target of a sophisticated – though limited – cyber-attack by professional and determined criminals,” it read.
“We were alerted to their intrusive activity by our security systems, allowing us to react swiftly and shut down our network. We notified, and have been working with, the relevant law enforcement agencies and the ICO.”
The group reportedly released tens of thousands of documents, including customer invoices and receipts, on its dark web leak site. Although there’s said to be plenty more in reserve, used as leverage to force a ransom payment, the data currently exposed is not thought to be a serious privacy risk to the victims.
What’s more, researchers at Digital Shadows confirmed to Infosecurity that, when they checked, there was no mention of the breach on the Conti site.
“Although unconfirmed it is possible either that Graff has paid the ransom, or is currently in negotiations with the ransomware group,” the firm noted.
Big names from Hollywood, sport and business were reportedly impacted, including former footballers David Beckham and Frank Lampard, Donald Trump, Hollywood actors Alec Baldwin and Samuel L Jackson, and retail boss Philip Green.
“We have informed those individuals whose personal data was affected and have advised them on the appropriate steps to take,” the Graff statement concluded.
According to an analysis from Group-IB, Conti attacks accounted for 15% of the total last year. The group, which only appeared on the ransomware scene in 2020, is known for issuing high ransom demands to organizations it thinks can pay.
In April this year, one attack on a Florida school district led to a $40m demand.
In September, an alert posted by US security agencies warned that Conti had been used in more than 400 attacks globally.