What the Graff ransomware attack tells us about cybercrime today
The news that exclusive UK jeweller Graff has been hit by a ransomware attack by the cybercrime gang Conti, and has so far had 69,000 confidential documents leaked, highlights how sinister cybercriminals have become in their techniques and targets. However, attacks of this size and severity should come as no surprise. Ransomware is now more widespread than ever before, having increased by 151% in the beginning of 2021 alone, with the FBI warning that there are now 100 different strains.
Why was Graff attacked?
Graff has undoubtedly been chosen as a victim because of its high-profile customer database, which allows for higher ransom demands and seemingly higher stakes. Cyberattacks may not always be published across the UK press, but incorporating celebrity victims and citing the possibility of payments in jewels is sure to gain national interest. This could ultimately work in the gang’s favour by putting more pressure on victims to pay up. Where attackers gain access to sensitive data about well-known individuals, the data itself can become a commodity to sell on through the dark web, so even if the ransom is not paid, the hack can still become a profitable exploit for these bad actors.
How ransomware attacks are evolving
Unfortunately, even though we see weekly reports of ransomware attacks, this is only the tip of the iceberg – there are likely many that have gone unpublicised. Hacks that reveal the addresses and contact details of individuals can breed further crime and allow cyber security risks to feed into the physical security space. There has also been a notable increase in the sophistication of the tactics, techniques and procedures (TTPs) hackers are using to bypass security controls in targeted organisations. Legitimate tools like Cobalt Strike and PsExec are frequently used to help with covert lateral movement and data exfiltration. Additional tactics like data theft, DDoS and notifying customers and stakeholders about breaches are all designed to turn up the pressure on victim organisations to pay.
What companies can do to prevent ransomware attacks
Proactive prevention is the best way to protect an enterprise, as once a network has been compromised and data held to ransom, it becomes much harder to advise on next steps and recover a business’ reputation and security. There are a number of solutions:
- Enhanced training and awareness courses to educate employees are key, particularly simulation exercises aimed at changing user behaviours
- Organisations also need to adapt their policies and cyber strategy to complement their evolving workforce structure. As the hybrid structure becomes increasingly popular, multi-factor authentication for all RDP machines and risk-based patching programs are crucial in tackling the main ransomware access vectors
- For those attacks that sneak through, intrusion detection (IDS), continuous monitoring and SIEM-based logging are essential to provide real-time visibility for SecOps teams
- Finally, it is essential to set compliance standards for your supply chain partners by carrying out regular audits and communicating clear standards. You can have the strongest security posture internally, but if your partners and supply chain have weak defences, your enterprise becomes an easy target
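As an added example (not part of the original article), the sketch below shows the kind of SIEM rule the monitoring point above implies for the PsExec lateral movement mentioned earlier: it flags one account installing PsExec's default service (PSEXESVC, Windows event ID 7045) on several hosts within a short window. The JSON field names, the thresholds and the sample events are constructed assumptions, not a specific product's schema.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: Service Control Manager events forwarded to a SIEM as
# JSON lines. Event 7045 = "A service was installed in the system".
# Field names (ts, host, event_id, user, service_name, image_path) are assumed.
SAMPLE_EVENTS = r"""
{"ts":"2021-11-01T02:10:05","host":"WS-014","event_id":7045,"user":"CORP\\svc-backup","service_name":"PSEXESVC","image_path":"%SystemRoot%\\PSEXESVC.exe"}
{"ts":"2021-11-01T02:11:40","host":"FS-02","event_id":7045,"user":"CORP\\svc-backup","service_name":"PSEXESVC","image_path":"%SystemRoot%\\PSEXESVC.exe"}
{"ts":"2021-11-01T02:13:02","host":"DC-01","event_id":7045,"user":"CORP\\svc-backup","service_name":"PSEXESVC","image_path":"%SystemRoot%\\PSEXESVC.exe"}
{"ts":"2021-11-01T09:30:00","host":"WS-020","event_id":7045,"user":"CORP\\helpdesk1","service_name":"PSEXESVC","image_path":"%SystemRoot%\\PSEXESVC.exe"}
{"ts":"2021-11-01T09:45:00","host":"WS-021","event_id":7045,"user":"NT AUTHORITY\\SYSTEM","service_name":"PrinterAgent","image_path":"C:\\Program Files\\Printer\\agent.exe"}
{"ts":"2021-11-01T09:46:00","host":"WS-021","event_id":7036,"user":"NT AUTHORITY\\SYSTEM"}
"""

def psexec_installs(raw):
    """Return 7045 events matching PsExec's default service name or binary, oldest first."""
    hits = []
    for line in raw.strip().splitlines():
        ev = json.loads(line)
        if ev.get("event_id") != 7045:
            continue
        name = ev.get("service_name", "").upper()
        path = ev.get("image_path", "").upper()
        if name == "PSEXESVC" or path.endswith("PSEXESVC.EXE"):
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            hits.append(ev)
    return sorted(hits, key=lambda e: e["ts"])

def lateral_spread(hits, min_hosts=3, window=timedelta(minutes=10)):
    """Return {user: hosts} where one account hit min_hosts+ distinct hosts inside the window."""
    by_user = defaultdict(list)
    for ev in hits:
        by_user[ev["user"]].append(ev)
    alerts = {}
    for user, evs in by_user.items():
        for i, first in enumerate(evs):
            hosts = {e["host"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(hosts) >= min_hosts:
                alerts[user] = sorted(hosts)
                break
    return alerts

if __name__ == "__main__":
    for user, hosts in lateral_spread(psexec_installs(SAMPLE_EVENTS)).items():
        print(f"ALERT {user}: PsExec service installed on {hosts} within 10 minutes")
```

A single install by an administrator (the helpdesk event in the sample) is matched but not alerted on; the rule keys on the same account fanning out across hosts, which is what separates routine admin use from spread.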
Get in touch to find out how we can protect your business from the growing threat of ransomware.