Russian cyber gang Conti is thought to have been behind the hack, with the group allegedly demanding ransom in exchange for protecting further client information.
Media outlets have begun reporting that high-end jeweller Graff was the victim of a cyber attack this week, with the Russian cyber gang Conti allegedly demanding ransom from the jeweller in exchange for protecting additional client information.
Already, Conti has released an estimated 69,000 files representing 11,000 of Graff’s clients to coerce the jeweller into caving in to the group’s demands. The Daily Mail reported that information belonging to Donald Trump, Oprah, Ghislaine Maxwell and David Beckham was released on the Dark Web.
The Mail on Sunday explained the sensitivities of the hack.
“Documents including client lists, invoices, receipts and credit notes have been taken, and could prove embarrassing for customers who may, for example, have bought gifts for secret lovers or taken jewellery as bribes,” it said.
Among the names were several high-ranking politicians and royals from the Middle East and Asia.
“Regrettably we, in common with a number of other businesses, have recently been the target of a sophisticated – though limited – cyber attack by professional and determined criminals,” a statement from a company spokesperson said.
“We were alerted to their intrusive activity by our security systems, allowing us to react swiftly and shut down our network. We notified, and have been working with, the relevant law enforcement agencies and the ICO.”
In early September, Cyber Security Connect reported the operating capabilities of the threat actors.
An analysis from cyber security company Sophos outlined that Conti is likely exploiting ProxyShell — a collection of vulnerabilities for Microsoft Exchange servers, which enables an actor to bypass authentication and execute code as a privileged user.
Conti attackers reportedly gain access to the target's network and set up a remote web shell in under one minute, then install a second, backup web shell just three minutes later.
“Within 30 minutes they had generated a complete list of the network's computers, domain controllers, and domain administrators,” Sophos noted.
“Just four hours later, the Conti attackers had obtained the credentials of domain administrator accounts and began executing commands.”