Data that's More Valuable than Diamonds
November 03, 21There was a time when jewelers knew where the threats lay. Bad people wanted to steal their jewels. So they bought a nice, big safe. Nowadays things are not so simple. Jewelers can be attacked for something even more valuable than their diamonds - their data.
The cyber-heist on Graff highlights the dangers posed by ransomware. Hackers stole their list of high-profile clients, posted some details online, and are threatening to reveal many, many more.
The society jeweler's clients include world leaders, Hollywood A-listers and the planet's uber-rich. Their privacy is paramount, and they're not keen on having their invoices, receipts, home addresses and personal information shared on the dark web - the encrypted part of the internet that's home to every kind of criminal.
Former US President Donald Trump is reportedly among those whose files have been stolen. Also on the list are Oprah Winfrey, Tom Hanks, Samuel L Jackson, Tony Bennett, Alec Baldwin, Ghisaline Maxwell, footballer David Beckham, Saudi Crown Prince Mohammed bin Salman and Tetra Pak billionaire Hans Rausing.
The scale of the virtual heist - exclusively reported by the British newspaper The Mail on Sunday - is astonishing. So far 69,000 files have been posted, relating to 11,000 Graff customers, but that's said to be just one per cent of the total haul.
The fallout from such a wholesale disclosure could have devastating consequences. Details of a jewelry purchase may come as a nasty surprise to an empty-handed spouse or partner. A celebrity raising thousands for charity could face backlash if it was revealed they also spent millions on jewelry.
Conti, a Russian gang of organized criminals that specializes in ransomware attacks, has claimed responsibility for the attack. They either encrypt their victim's data, making it unreadable, and demand payment to unlock it. Or, as with the Graff attack, they steal the data and threaten to publish it. They slip through cyber-security systems with a phishing email - typically a message that appears to be a trusted source, with a document attached. An employee clicks "open" and unwittingly installs a virus. The hacker is in through the back door and can help themselves to whatever they want. Conti is one of the biggest ransomware gangs, reckoned to be responsible for 15 per cent of all attacks globally. They are said to have targeted well over 400 organisations, among them the Scottish government's Environment Protection Agency, the Irish Health Service, the University of Utah, and the city government of Tulsa, Oklahoma, USA.
A typical ransom demand threatens victims: "Just in case, if you try to ignore us, we've downloaded a pack of your internal data and are ready to publish on our news website if you do not respond. So it will be better for both sides if you contact us as soon as possible."
How much do they want? Ransomware gangs are known to have demanded 10 per cent of a business's annual revenue. Graff Diamonds International reported revenue of almost $473.6 million in 2020, according to Bloomberg.
Graff said in a statement that it had been the target of what it called a a sophisticated - though limited - cyber attack by professional and determined criminals.
"We were alerted to their intrusive activity by our security systems, allowing us to react swiftly and shut down our network," said a spokesman.
"We notified, and have been working with, the relevant law enforcement agencies and the ICO (Information Commissioner's Office).
'We have informed those individuals whose personal data was affected and have advised them on the appropriate steps to take.'
Unsurprisingly Graff, founded in 1960 by Laurence Graff, made no comment on any next step. But here's a chilling statistic. A report earlier this year on 1,200 ransomware victims, by the US-based cyber-tech company Cybereason, found that 80 per cent of those that paid a ransom were hit a second time, often by the same attackers.
Have a fabulous weekend.