FatFace Pays $2million Ransom To Cyber Criminals

Uploaded on 2021-04-07 in TECHNOLOGY--Hackers, FREE TO VIEW

British clothing retailer FatFace paid out a $2m ransom to restore its data following a January 2021 cyber attack by the criminal hacking group called Conti.  

The criminals initially demanded a ransom of 213 Bitcoins, about $8 million/£5.8 million, but agreed to lower the amount to $2 million after FatFace's negotiator explained that the firm's revenues had slumped over the past year due to lockdown restrictions. 

Conti finally agreed to a $2 million payment, saying that it didn't want to bankrupt the retailer.

Conti told FatFace that it had initially breached their network via a phishing attack on 10th January 2021. The gang used this compromise to gain admin rights and expand its reach through the network, as well as identifying the firm's Veeam backup servers and Nimble storage. The final attack occurred on 17th January, when the criminals were able to exfiltrate over 200GB of data from FatFace's systems before encrypting machines.

After receiving the ransom pay-out, Conti offered advice to the company's IT team about how they could strengthen security to prevent cyber attacks in future.

Advice included implementing email filtering, reviewing Active Directory password policy, conducting employee phishing tests, and investing in better endpoint detection and response technology. FatFace disclosed the security breach to customers in an email last week, informing them that some customer details - including names, email and postal and addresses, and limited credit card data - had been compromised in an attack on its systems.

The company asked customers to keep information about the data breach 'strictly private and confidential'. It also told customers that the delay in informing them occurred as they were working to identify the hackers behind the incident and to determine precisely what information was stolen.

Under the terms of the GDPR, companies must tell the ICO of a breach within 72 hours of becoming aware of it. If they decide there is a high risk to individuals' rights and freedoms, they also need to inform affected individuals 'without undue delay'.

FatFace confirmed the ransomware attack and they notified the ICO and law enforcement agencies about the incident. Almost 5,000 ransomware attacks hit British firms in 2019, with criminals collecting payments of nearly £210 million, the US cyber security firm Emsisoft said in a report last year. The company said that organisations are showing 'more willingness' to pay ransoms due to fears of public embarrassment, lost data and potential penalties from regulators (of course, paying a ransom to retrieve stolen data does not avoid fines for losing that data in the first place).

The 2020 CrowdStrike Global Security Attitude Survey revealed that almost 40% of UK organisations had been subject to ransomware attacks in the past 12 months, and 13 per cent of them had chosen to pay the ransom.

Some of the other key findings in the report is a growing fear of nation-state intrusions and ransomware attacks in the wake of COVID-19 outbreaks: 

  • 56% of organisations surveys reported a ransomware attack within the last 12 months.
  • 87% of respondents indicated that nation-state attacks are much more common than commonly supposed.
  • 73% say nation-state attacks are the single biggest threat to their organisations. 
  • 84% say they have accelerated their digital transformation efforts as a result of COVID-19, Potentially compounding their risk.
  • 45% stating that they have increased cloud rollouts to support employees working remotely. 

According to Crowdstrike, UK businesses paid an average ransom of £940,000 ($1.2 million) which is higher than the global average of $1.1 million.

Crowdstrike:     Information Commissoner:        Computer Weekly:         Computing

You Might Also Read: 

Ransomware Victim Travelex Folds:

 

« Twenty Cyber Security Startups To Watch
Half A Billion LinkedIn Members Found For Sale »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

European Internet Forum (EIF)

European Internet Forum (EIF)

EIF’s mission is to help provide European political leadership for the political, economic and social challenges of the worldwide digital transformation.

Cavirin

Cavirin

Cavirin’s Automated Risk Analysis Platform reduces risk and automates security and compliance.

Mako Networks

Mako Networks

The Mako System is an award winning networking and security service designed specifically for SMEs and branch offices of larger organisations.

Lynx

Lynx

Lynx provides high added value services in the area of information systems security and ICT infrastructure building.

Alyne

Alyne

Alyne is a Munich based 2B RegTech offering organisations risk insight capabilities through a Software as a Service.

Aries Security

Aries Security

Aries Security provides a premiere cyber training range and skills assessment suite and develops content for all levels of ability.

DataPassports

DataPassports

DataPassports is a data-centric security and privacy solution that enforces privacy and security from end-to-end with transparent protection of data at the source.

Ensighten

Ensighten

Ensighten is a leader in Website Security & Privacy Compliance. Protect your website from malicious attacks, monitor & detect vulnerabilities, protect consumer data.

Focal Point

Focal Point

We aspire to be the focal point for Medium and Small size companies providing 24/7 cyber security advice, services and solutions.

Eureka Security

Eureka Security

Eureka help organizations securely use any cloud data storage technology they need without having to compromise on security.

Sify Technologies

Sify Technologies

Sify is the largest ICT service provider, systems integrator, and all-in-one network solutions company on the Indian subcontinent.

Maintel

Maintel

Maintel provides cloud and managed communications services. We help our customers to deliver exceptional customer experiences, and to securely access their applications and their data.

SEK Security Ecosystem Knowledge

SEK Security Ecosystem Knowledge

SEK helps companies in the complex path of cybersecurity; in the analysis, detection and prevention of digital threats.

Global Resilience Federation (GRF)

Global Resilience Federation (GRF)

GRF builds, develops and connects security information sharing communities for mutual defense.

Lightpath

Lightpath

Lightpath is revolutionizing how organizations connect to their digital destinations by combining our next-generation network with our next-generation customer service.

Forensic IT

Forensic IT

Forensic IT is a specialised cyber security firm with expertise in Digital Forensics and Incident Response (DFIR).