Accounting materials from the Italy-based luxury fashion house were leaked online by RansomExx because the company refused to pay.
High-end Italian fashion house Ermenegildo Zegna revealed on Monday that it was the target of a ransomware attack last August — and that it managed to recover its systems from back-up without paying a ransom.
The Milan-based firm already had revealed on Aug. 6, 2021, that it became aware of unauthorized access to its systems but did not disclose the specific type of breach.
In a public filing this week, however, the company acknowledged that it was a ransomware attack that “impacted the majority of our IT systems” and ultimately led to some private accounting data stolen in the incident to be leaked online.
Indeed, the RansomExx ransomware operation claimed responsibility for the August attack and published leaked data stolen from the company online the day Zegna fist announced the incident, according to a report published by Bleeping Computer.
“As we refused to engage in discussions relating to the payment of the ransom, the responsible parties published certain accounting materials extracted from our IT systems,” Zegna wrote in the filing, an SEC Form 424B3. These forms are used to update a company’s investment prospectus, in this case to inform them of risk related to cyber-incidents or data breaches.
Zegna gradually restored its IT systems — which include multiple server locations, third-party cloud providers and a range of software applications for different regions and functions — from secure back-up servers during the weeks following the breach, the company said.
“Although our systems are diversified…we periodically assess and implement actions to ameliorate risks to our systems, a significant or large-scale malfuction or interruption of our systems could adversely affect our ability to manage and keep our operations running efficiently, and damage our reputation if we are unable to track transactions and deliver products to our customers,” the company said in the filing.
Resisting the Pressure to Pay
While many companies choose to pay a ransom during such an attack to unlock data or prevent it from being leaked online, security professionals generally recommend that they don’t because it only encourages cybercriminals.
However, many ransomware groups now regularly resort to a method called double extortion, in which they not only lock up victims’ IT systems but also threaten to leak sensitive data online if the organization doesn’t pay by a certain time, which adds pressure and often results in a quick payout.
“As these things go, it’s fantastic that Ermenegildo Zegna recovered without capitulating to the cybercriminal gang’s ultimatums,” observed Chris Clements, vice president of solutions architecture at security firm Cerberus Sentinel, in an email to Threatpost. “Not paying cybercriminals extortion demands is one of the most effective ways to deter cyberattacks, but far too few companies that find themselves in similar situations to restore operations in a timely fashion.”
Indeed, even if they can restore via back-up systems, it’s the hurry to get back online and fully operational that often makes organizations cave to demands. But with ransomware such a common occurrence in the threat landscape, there is no excuse for companies not to plan for a speedy in-house recovery in the event of an attack, he said.
“We’ve long since reached the point that organizations of any size and in any vertical must assume that they may potentially fall victim to a comparable cyberattack and implement a strategy not only for prevention, but also for restoring systems and data at company-wide scale should the worst happen,” Clements said.
The attack on Zegna also reiterates the scenario that any organization, no matter how large or small, can be a target of ransomware attacks, he added. Though it’s one of the top menswear brands in the world in terms of revenue, Zegna, for example, has about 6,500 employees globally–making it a relatively small fish compared to some global multinationals.
“With ransomware extortion payouts routinely venturing into millions of dollars, cybercriminals have a powerful incentive to compromise every organization they are able to,” Clements said.