UK fashion retailer FatFace, which made headlines this week by appearing to ask its customers to keep its cyber-attack “strictly private & confidential”, has reportedly paid a $2m ransom to the criminals responsible.
According to Computer Weekly, FatFace entered negotiations with the Conti ransomware gang soon after it became aware that its systems had been breached & customer details stolen in Jan. 2021.
Bitcoin
At first, the Conti ransomware gang is believed to have asked that a 213 Bitcoin ransom be paid (roughly $8m), a figure seemingly chosen because of the crooks’ belief that FatFace’s ransomware insurance covered the firm up to £7.5m.
However, in negotiations revealed by Computer Weekly’s French sister publication Le Mag IT, FatFace successfully managed to reduce the ransom after explaining revenues had dropped due to high-street stores being shut during the Coronavirus lockdown.
Phishing Attack
A representative of the Conti gang told FatFace’s negotiator that the initial breach of the retailer was via a phishing attack on 10 Jan. 2021. The attackers were able to use the initial compromise as a base for gaining admin rights & then spreading laterally through FatFace’s network.
More than 200Gb of data was reportedly taken from FatFace’s systems before systems were encrypted by the ransomware on Jan. 17th.
Advice
Generously, Conti offered advice to FatFace’s IT team about how to ‘harden’ its defences in order to make the organisation less easy to attack in future.
That’s the least you could ask for from attackers after you’ve paid out a $2m ransom…