{
	"id": "40da1c97-67cd-431f-aca2-eabc20d64f75",
	"created_at": "2026-04-06T00:08:24.327441Z",
	"updated_at": "2026-04-10T03:24:29.903404Z",
	"deleted_at": null,
	"sha1_hash": "068ddc03ad0176486bff0b024bd93f0a22980f66",
	"title": "Celebrity jewelry house Graff falls victim to ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 103980,
	"plain_text": "Celebrity jewelry house Graff falls victim to ransomware\r\nBy Pieter Arntz\r\nPublished: 2021-10-31 · Archived: 2026-04-05 19:47:06 UTC\r\nData on countless celebrities, including politicians, is apparently now in the hands of ransomware attackers after a\r\ngroup using the Conti variant compromised systems of one of the world’s most exclusive jewelry houses, Graff.\r\nDespite what mathematicians like to think, there is an exception to every rule. When we wrote in our\r\nDemographics of Cybercrime Report that money (or its absence) changes our sense of safety, that wasn’t meant to\r\nimply that the rich feel like they’re bigger targets. Quite the opposite, those that don’t have money were found to\r\nfeel less safe online. But the fact that the rich are, in fact, more attractive targets is of course true.\r\nHigh-end targets\r\nThe personal information of celebrities like Oprah Winfrey, David and Victoria Beckham, Tom Hanks, and\r\nMelania and Donald Trump was stolen during a ransomware attack on Graff. The Conti Ransomware gang have\r\nclaimed responsibility.\r\nConti is one of the gangs that, besides encrypting files, exfiltrate data from the compromised systems. When the\r\nvictim refuses to pay the ransom, the gang publishes the exfiltrated data, or sells them to the highest bidder. 
Conti\r\nrecently announced that they will also publish data as soon as details or screenshots of the ransom negotiations\r\nprocess are leaked to journalists.\r\nhttps://blog.malwarebytes.com/ransomware/2021/11/celebrity-jewelry-house-graff-falls-victim-to-ransomware/\r\nPage 1 of 3\n\nThe Conti gang also recently made the news when they put the access to compromised networks up for\r\nsale, as well as when some underpaid turncoat leaked their manuals, technical guides, and software on an\r\nunderground forum.\r\nAccording to Graff, the vast majority of clients have not been the victim of personal data loss and those that were\r\naffected have been informed by mail.\r\nThe target\r\nFrom the all-caps official statement on its site, Graff is shaken but not stirred.\r\n“PLEASE BE ASSURED THAT WE REACTED SWIFTLY TO SHUT DOWN OUR NETWORK\r\nAND DIRECTLY INFORMED THOSE INDIVIDUALS WHOSE PERSONAL DATA WAS\r\nAFFECTED, ADVISING THEM ON APPROPRIATE STEPS TO TAKE. WE ALSO NOTIFIED THE\r\nINFORMATION COMMISSIONER’S OFFICE AND CONTINUE TO WORK WITH LAW\r\nENFORCEMENT AGENCIES. FORTUNATELY, THANKS TO OUR ROBUST BACK-UP\r\nFACILITIES, NO DATA WAS IRREVOCABLY LOST. WE WERE ABLE TO REBUILD AND\r\nRESTART OUR SYSTEMS WITHIN DAYS TO CONTINUE TO OPERATE EFFECTIVELY AND\r\nALL OUR SHOPS AND ECOMMERCE PLATFORM WERE UNAFFECTED AND CONTINUED\r\nTO OPERATE WITHOUT INTERRUPTION.”\r\nThe investigation\r\nA spokesman for the UK’s Information Commissioner’s Office (ICO), which can impose fines of up to 4% of a\r\ncompany’s turnover for failing to comply with the Data Protection Act, said:\r\n“We have received a report from Graff Diamonds Ltd regarding a ransomware attack. We will be\r\ncontacting the organization to make further enquiries in relation to the information that has been\r\nprovided.”\r\nUnfortunately, knowing who did it and knowing who to arrest, and how, are two very different things when it\r\ncomes to cybercrime. 
Sometimes attribution is hard, but even in cases where law enforcement knows who is\r\nbehind the attack, it doesn’t make it easy to apprehend the evil-doers.\r\nIn this case, the group that was behind the attack made a public confession and published proof, but we don’t\r\nknow the real names of the people in this group. We have good reason to assume that they are in Russia, but even\r\nof that we can’t be sure.\r\nIt is only in rare cases that cybercriminals travel to countries where they run the risk of being extradited to the US\r\nor another country where there is a warrant out for them.\r\nWhat’s next?\r\nIn the case of high-end jeweler Graff, it doesn’t sound as if they have plans to pay the ransom, so it is highly likely\r\nthat more of the exfiltrated data will be published on the Conti leak site.\r\nThe data that were stolen do not seem to be of an alarmingly private nature. Conti has been known to attack\r\ntargets in the public health sector where far more delicate information is to be found. But maybe with this attack it\r\nhas angered some people that have the power to make things happen.\r\nWant to know more about Conti?\r\nMalwarebytes threat profile\r\nCISA alert on Conti Ransomware\r\nAbout the author\r\nWas a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich\r\nmahogany and leather-bound books.\r\nSource: https://blog.malwarebytes.com/ransomware/2021/11/celebrity-jewelry-house-graff-falls-victim-to-ransomware/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://blog.malwarebytes.com/ransomware/2021/11/celebrity-jewelry-house-graff-falls-victim-to-ransomware/"
	],
	"report_names": [
		"celebrity-jewelry-house-graff-falls-victim-to-ransomware"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434104,
	"ts_updated_at": 1775791469,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/068ddc03ad0176486bff0b024bd93f0a22980f66.pdf",
		"text": "https://archive.orkl.eu/068ddc03ad0176486bff0b024bd93f0a22980f66.txt",
		"img": "https://archive.orkl.eu/068ddc03ad0176486bff0b024bd93f0a22980f66.jpg"
	}
}