UK fashion retailer FatFace, which made headlines this week by appearing to ask its customers to keep its cyber attack “strictly private and confidential”, has reportedly paid a $2 million ransom to the criminals responsible.
According to Computer Weekly, FatFace entered negotiations with the Conti ransomware gang soon after it became aware its systems had been breached and customer details stolen in January 2021.
Initially, the Conti ransomware gang is thought to have demanded a ransom of 213 Bitcoin (approximately $8 million) – a figure seemingly determined by the criminals’ belief that FatFace’s ransomware insurance covered the firm up to £7.5 million.
However, in negotiations uncovered by Computer Weekly’s French sister publication LeMagIT, FatFace managed to talk the ransom down after explaining that revenues had tumbled due to high street stores being shut during the Coronavirus lockdown.
A representative of the Conti gang told FatFace’s negotiator that the initial breach of the retailer was via a phishing attack on 10 January 2021. The attackers were able to use the initial compromise as a base for gaining admin rights and then spreading laterally through FatFace’s network.
More than 200GB of data was reportedly exfiltrated from FatFace’s systems before they were encrypted by the ransomware on January 17th.
Generously, Conti offered advice to FatFace’s IT team about how to harden its defences in order – one hopes – to make the organisation less easy to attack in future.
I guess that’s the least you could ask for from your attackers after you’ve shelled out a $2 million ransom…
Internet security advice from Conti, will FatFace thank them?
Presume this security advice from Conti will include backdoors?