Graff multinational jeweller hit by Conti gang. Data of its rich clients are at risk, including Trump and Beckham

Conti ransomware gang hit high society jeweller Graff and threatens to release private details of world leaders, actors and tycoons

The latest attack of the Conti ransomware gang makes the headlines, the threat actors hit high society jeweller Graff and asked the payment of a multi-million ransom to avoid leaking details of world leaders, actors and tycoons.

The customers of the company are the richest people on the globe, including Donald Trump, David Beckham,Tom Hanks, Samuel L Jackson, Alec Baldwin, and Sir Philip Green.

As proof of the hack, the group already published on its leak site files related to purchases made by David Beckham, Oprah, and Donald Trump.

The Conti gang has already leaked 69,000 confidential documents, leaked files include customer lists, invoices, receipts, and credit notes.

The Russian hacking group claims the information published, involving about 11,000 of Graff’s clients, represents just one percent of the stolen files.

The impact on the privacy of the customers could be greater than the value of the purchased jewels, some of the purchases may demonstrate embarrassing relationships between lovers and very important people.

We cannot exclude that if Graaf will refuse to pay the ransom the gang could attempt to blackmail its customers for the above reason.

I recommend you to read this post published by the Daily Mail that lists some of the impacted customers and reports some embarrassing purchases.

‘Regrettably we, in common with a number of other businesses, have recently been the target of a sophisticated – though limited – cyber attack by professional and determined criminals.” A spokesperson for Graff told the Daily Mail.

‘We were alerted to their intrusive activity by our security systems, allowing us to react swiftly and shut down our network. We notified, and have been working with, the relevant law enforcement agencies and the ICO. We have informed those individuals whose personal data was affected and have advised them on the appropriate steps to take.” “The firm said it had been able to ‘rebuild and restart our systems within days – crucially with no irretrievable loss of data.”

The firm notified British authorities, including the ICO, it also announced that will be able to recover its systems from the attack within days.

At this time thousands of people have already visited the leak site to dig in the published files looking for sensitive info.

Conti ransomware gang is one of the most active and aggressive ransomware gangs, in September CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) warned of an increased number of Conti ransomware attacks against US organizations.

Conti ransomware operators run a private Ransomware-as-a-Service (RaaS), the malware appeared in the threat landscape at the end of December 2019 and was distributed through TrickBot infections. Experts speculate the operators are members of a Russia-based cybercrime group known as Wizard Spider.

Since August 2020, the group has launched its leak site to threaten its victim to release the stolen data.

In May, the Federal Bureau of Investigation (FBI) revealed that the Conti ransomware gang has hit at least 16 healthcare and first responder organizations.

In August, an affiliate of the Conti RaaS has leaked the training material provided by the group to the customers of its RaaS, he also published the info about one of the operators.

The Conti operators offer their services to their affiliates and maintain 20-30% of each ransom payment.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Graff)

[adrotate banner=”5″]

[adrotate banner=”13″]