ZDNet has reported that a group of hackers has breached the network of Zaha Hadid Architects, one of the world’s leading architectural firms. The intrusion took place last week, and hackers stole files from the company’s network, encrypted files using ransomware, and are now threatening to release sensitive information on the dark web unless the company pays a hefty ransom demand. The hackers, who said they go by the name of Light (possibly the name of their ransomware variant), provided ZDNet with proof of having ZHA files in their possession. These included payroll records, bank documents, files holding employee details, life insurance details, employee contracts, email inbox dumps, and more.
In light of reports that Zaha Hadid has suffered a data breach, the rubber will hit the road if the hackers have gained access to material information on the company, its employees, clients, etc. Although this group is threatening to spill proprietary information onto the dark web, no one except the hackers or a select group of employees at Zaha Hadid knows exactly what has been stolen. Today, there are more and more examples of the erosion of the honour system hackers were known for – pay a ransom and receive your encrypted files back. Several brazen groups are operating today like it's the Wild West, and now all bets are off, as there is no guarantee a company will regain access to its information. In some cases, companies have recovered their files after agreeing to pay a ransom demand, but it took weeks or months, leaving a trail of creditors, angry customers and law enforcement agencies in tow.
Good for Zaha Hadid for notifying law enforcement and for beginning the process of recovering backup files, as it sounds like they were prepared. To all companies, this is yet another wake-up call to immediately engage around-the-clock threat hunting services in order to root out suspicious behaviour on your network before it becomes problematic and your brand suffers, along with your customers and partners. Companies can no longer rely solely on maintaining backup copies of files and security hygiene. Lastly, organisations should deploy advanced anti-ransomware technology to prevent the effective execution of ransomware and help to make cyber crime a less profitable and attractive business.