Italian luxury fashion brand Moncler has confirmed it suffered a major ransomware attack that led to a data breach.
In a press release, the company said that after the incident occurred in late December last year, it had received a ransomware demand, which it rejected, as it goes “against its founding principles”.
As a result, the data stolen in the breach was published on the dark web.
Moncler data breach
The published batch includes data on employees and former employees, “some suppliers, consultants and business partners,” as well as some customers registered in its database. No payment data was taken, Moncler confirms, as the company does not store such data on its premises. The company did not provide further details on the data stolen, or whether it could be used in identity theft (opens in new tab).
Reports claim the group behind the ransomware attack is called AlphV/BlackCat - a relatively new entrant to the cybercrime scene, whose Ransomware-as-a-Service (RaaS) operation launched in early December 2021 - with Moncler one of AlphV’s first victims.
The publication described it as “the most sophisticated RaaS of last year”, mostly due to its “robust operational structure, features, and thought-out approach” to all stages of the ransomware attack.
Warning against the distribution of stolen data
The data leak site, established by the attackers, shows that the ransom demand was $3 million. The stolen data seems to include earning statements, spreadsheets with customer information, and invoices. The group is now allegedly looking for a buyer interested in data on Moncler’s “rich customers”.
In its press release, Moncler also apologized for the disruption and said that it notified both law enforcement agencies, and affected stakeholders, as soon as it discovered the attack. It did not describe how the attack took place, and if any endpoints (opens in new tab) were compromised with malware (opens in new tab).
It also warned potential buyers that they, too, would be committing a criminal offense:
"Moncler reminds that all information in the possession of cybercriminals is the result of illegal activities and that consequently, the acquisition, use and dissemination of the same constitutes a criminal offense,” the announcement reads.
- You might also want to check out our list of the best firewalls right now
Via: BleepingComputer (opens in new tab)