Conti group apologizes for the attack on Graff

Conti group attack on Graff jewelry company turned into trouble. The data pack published by this ransomware gang contained the confidential information of Prince Mohammed bin Salman – a very important figure in Saudi Arabia. Seeing that their attack touches such high persons, Conti decided to delete the information stolen from Graff from their servers.

Conti attack on Graff

On Saturday, October 31, Conti ransomware attacked the luxury jewelry manufacturer Graff. They performed their “classic” attack – with file ciphering and data stealing. Among the clients of this company, there are such famous persons as Donald Trump, David Beckham, Sir Phillip Green, and a lot of Hollywood stars. But, what is most important, among these celebrities there was a member of the Saudi Royal Family – Mohammed bin Salman, the Crown Prince.

Conti Graff attack
List of data that Conti stole from Graff network

Conti ransomware group is known for its habit to set the stolen data for sale by parts. In this case, only 1% of the information was posted, and fortunately, nobody has purchased it1. Why fortunately? Because, as it was uncovered slightly after the attack, the information that was inside is so critical that all law enforcements from all over the world would start lawsuits against Conti. The affiliate who posted this information for sale did not check what exactly he’s going to sell – that’s why it caused so much disruption.

Why are databases from Graff so crucial?

Graff is known for its goods for the richest people on the planet. The aforementioned celebrities who shopped there are perfect proof of it. But together with the information about the purchases of people who are known worldwide the high risks came into sight. Any sort of data leak will uncover the purchases of royal families, politicians, or other celebrities. And it will be very easy to check if this purchase was addressed to their family, or somewhere else – for bribery, for example, or to the mistress.

The data leak created by Conti ransomware is a perfect example of such a situation. And while Hollywood celebrities could do nothing against this data breach, the Crown Prince, who is the minister of defense of Saudi Arabia, is able to start a serious campaign against Conti. You can see what happens then on the example of REvil ransomware group. That’s why fraudsters decided to apologize and delete the data stolen from Graff – just to avoid such a risk. Did anyone doubt that the safety of their own hide is the only thing they value?

Text of Conti message with apologizes:

This is an important privacy and confidentiality announcement from the Conti Team.
As some of you may know, two weeks ago, we uploaded data from a company Graff on our blog.
This publishing, however, lead to an in-depth investigation of the sample files by the Daily Mail. Daily Mail is a UK paper (not American Twitter 2-digit-IQ “journalism”), therefore, their analysis was done with the highest standards of reporting and uncovered things that we have unfortunately missed.
We found out that our sample data was not properly reviewed before being uploaded to the blog.
As a response to the investigation by Daily Mail, we will delete all Graff’s information from the blog, and will clarify our privacy and confidentiality policy.
1. Conti guarantees that any information pertaining to members of Saudi Arabia, UAE, and Qatar families will be deleted without any exposure and review. Our Team apologizes to His Royal Highness Prince Mohammed bin Salman and any other members of the Royal Families whose names were mentioned in the publication for any inconvenience.
2. Conti guarantees that besides the 1% files shared on our blog, there were no instances of exposure or sharing of the Graff Diamonds data. In other words, none of this information was sold on auctions or offered as samples, or revealed in any other capacity to any third party.
3. Conti guarantees to implement a more rigid data review process for any future operations.
We want to thank the Daily Mail for investigative coverage and great journalist work, especially regarding the US and UK individuals in the Graff files. As long as the truth is overt, it prevails! As for the Graff Diamond case, we will conduct our own review that will focus exclusively on US and EU citizens.
Our goal is to publish as much Graff’s information a possible regarding the financial declarations made by the US-UK-EU Neo-liberal plutocracy, which engages in obnoxiously expensive purchases when their nations are crumbling under the economic crisis, unemployment, and COVID. While the Nations of America and Europe are chocked by lockdowns and totalitarian surveillance, the neoliberal elites of these states enjoy the luxury of a feast in time of plague.
Along with purchase statements on diamonds and $500,000 USD necklaces, we will publish financial declarations and money orders, so the public knows.
With this publishing, we also hope to raise awareness of the UK and EU governments who have regulations that legally prosecute the companies who can not protect their customer data. We also want to motivate these customers themselves to initiate legal action.
We hope to see more great coverage from Daily Mail!
Stay safe!
Kind Regards,
Conti Team

Aftermath of Conti attack on Graff

The only thing Conti lost at this event was the ransom for data deletion. They are widely known as the group of rascals, who don’t have shame or conscience. While a lot of other ransomware groups agreed to avoid attacking critical infrastructure, Conti kept going, attacking nursery houses, clinics and universities. In this case, they did a step backward just because it could be dangerous for them. Yes, they already committed enough attacks to get a one-way ticket to jail. But leaking data about the member of the Saudi Royal Family almost equal to the highest wanted levels from law enforcements.

Possibly, the affiliated member who managed this attack will be punished in this or another way. But there will be no global changes for Conti – the Russian group will just keep going, ignoring any rules and any morals.

  1. Another example of the data selling in Darknet.

About Trojan Killer

Carry Trojan Killer Portable on your memory stick. Be sure that you’re able to help your PC resist any cyber threats wherever you go.

Check Also

Attackers usually don`t brut-force long passwords

Attackers usually don`t brute-force long passwords

Microsoft’s network of honeypot servers data showed that very few attacks targeted long and complex …

Another Windows zero day allows for admin privileges

Another Windows zero day allows for admin privileges

Researcher Abdelhamid Naceri who often reports on Windows bugs this time dropped a working proof-of-concept …

Leave a Reply