[BreachExchange] Hackers threaten to leak data from high-end architecture firm Zaha Hadid

Destry Winant destry at riskbasedsecurity.com
Fri May 1 10:12:27 EDT 2020


https://www.zdnet.com/article/hackers-threaten-to-leak-data-from-high-end-architecture-firm-zaha-hadid/

A group of hackers has breached the network of Zaha Hadid Architects,
one of the world's leading architectural firms, responsible for
hundreds of high-end building designs all over the world.

The intrusion took place last week, and hackers stole files from the
company's network, encrypted files using ransomware, and are now
threatening to release sensitive information on the dark web unless
the company pays a hefty ransom demand.

ZDNet learned of the incident from a source last week but was also
contacted by the hackers today, who reached out to share a link to the
website where they plan to release ZHA data.

The hackers, who said they go by the name of Light (possibly the name
of their ransomware variant), provided ZDNet with proof of having ZHA
files in their possession.

These included payroll records, bank documents, files holding employee
details, life insurance details, employee contracts, email inbox
dumps, and more.

Other files included the SSL certificate for the Zaha-Hadid.com
website and user account credentials for the company's Active
Directory server.

The Light hacker gang told ZDNet that they intend to publish the data
later today if the company does not pay the ransom demand.

Hackers said the company has refused to engage in any communications
and ignored all their emails.

The hackers' statement is in line with a report from the Architects'
Journal, which reported yesterday that ZHA contacted law enforcement
as soon as they learned of the hack and refused to engage with the
ransomware gang, instead working with a forensics firm to investigate
the breach and restore from backups.

In a phone call today, ZHA admitted to the security breach but did not
return an email seeking answers to additional questions.

A NEW RANSOMWARE GANG THAT LEAKS STOLEN FILES

Since December 2019, it has become common practice for
ransomware gangs to breach high-profile companies, steal data, encrypt
the company's internal network, and post stolen data on dark web
portals as revenge in case the company refuses to pay.

A list of all the ransomware gangs who engage in this practice is
available here.

To ZDNet's knowledge, the Light gang appears to be a new ransomware
group, which the group confirmed in an email.

According to the ID-Ransomware portal, security researchers are not
yet aware of any ransomware strain going by the name of Light.

