FatFace pays out $2 million to Conti ransomware gang

FatFace pays out $2 million to Conti ransomware gang

UK fashion retailer FatFace, which made headlines this week by appearing to ask its customers to keep its cyber attack “strictly private and confidential”, has reportedly paid a $2 million ransom to the criminals responsible.

According to Computer Weekly, FatFace entered negotiations with the Conti ransomware gang soon after it became aware its systems had been breached and customer details stolen in January 2021.

Initially, the Conti ransomware gang is thought to have demanded a 213 Bitcoin ransom be paid (approximately $8 million) – a figure seemingly determined by the criminals’ belief that FatFace’s ransomware insurance covered the firm up to £7.5 million.

Conti negotiation
Negotiation between FatFace and Conti ransomware gang. Source: Computer Weekly

However, in negotiations uncovered by Computer Weekly’s French sister publication LeMagIT, FatFace successfully managed to talk the ransom down after explaining revenues had tumbled due to highstreet stores being shut during the Coronavirus lockdown.

Negotiation between FatFace and Conti ransomware gang. Source: Computer Weekly
Negotiation between FatFace and Conti ransomware gang. Source: Computer Weekly

A representative of the Conti gang told FatFace’s negotiator that the initial breach of the retailer was via a phishing attack on 10 January 2021. The attackers were able to use the initial compromise as a base for gaining admin rights and then spreading laterally through FatFace’s network.

More than 200GB of data was reportedly exfiltrated from FatFace’s systems before systems were encrypted by the ransomware on January 17th.

Sign up to our free newsletter.
Security news, advice, and tips.

Generously, Conti offered advice to FatFace’s IT team about how to harden its defences in order – one hopes – to make the organisation less easy to attack in future.

I guess that’s the least you could ask for from your attackers after you’ve shelled out a $2 million ransom…


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “FatFace pays out $2 million to Conti ransomware gang”

  1. Jim

    Internet security advice from Conti, will FatFace thank them?

    Presume this security advice from Conti will include backdoors?

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.