While ransomware attacks are becoming common, not every victim firm knows how to deal with them. One such victim is the retailer FatFace, which disclosed a data breach to its customers months after suffering a ransomware attack. As speculated, the firm made an improper incident disclosure in a bid to hide its surrender to the attackers.
FatFace Disclosed Data Breach
Recently, the British retailer FatFace disclosed a data breach to its customers via email notifications.
However, it wasn’t a regular breach alert as FatFace also asked the customers to keep the news ‘private and confidential’.
Data breach at @FatFace. It feels a bit… misleading:
“Our systems are fully secure and FatFace remains a safe place to shop online or in person” – except for the data breach they just had! pic.twitter.com/3SjHmwwh7P
— Troy Hunt (@troyhunt) March 23, 2021
Briefly, the email disclosed that FatFace noticed some suspicious activity on its IT systems on January 17, 2021. An investigation confirmed a cybersecurity breach, after which the firm brought in security experts to contain it.
In their email, FatFace assured that despite the breach, they didn’t spot any evidence of misuse of customers’ information.
FatFace Actually Suffered Conti Ransomware Attack
While the email mentioned a data breach, one particular phrase indicated something more serious than a breach.
“Unfortunately, like many organisations, we were subject to a sophisticated criminal attack which involved access to our systems…”
This carefully worded statement indicates a ransomware attack on FatFace.
Though FatFace didn’t specifically say so, ComputerWeekly confirmed that the firm actually fell victim to the Conti ransomware.
The attackers demanded a whopping $8 million in Bitcoin as ransom. However, as the media reported, they later lowered their demand (supposedly to $2.65 million). FatFace eventually paid the ransom in a bid to keep the stolen 200GB of data safe.
As reported, the attackers gained access to the company network on January 10, 2021, via a phishing attack. They then established a presence on the network as they moved laterally. Finally, on January 17, 2021, the threat actors executed the ransomware.
Aside from providing the decryption key after receiving the demanded ransom, the attackers also advised FatFace on improving its cybersecurity posture.
After all the chaos, a FatFace spokesperson confirmed the ransomware attack to ComputerWeekly.
“FatFace was unfortunately subject to a ransomware attack which caused significant damage to our infrastructure…
“Details of the attack and steps taken are part of a criminal investigation so at this stage we are unable to comment any further. We recognise that ransomware attacks are an issue which more and more organisations are having to grapple with in the current threat landscape.”
Companies should ensure they undergo a regular penetration test from a reputable supplier to avoid such issues being exploited.