Experts: Foxtons Breach Was Egregor Ransomware

A widely reported data breach from last year at Foxtons Group was due to a ransomware attack by the Egregor group, according to threat intelligence experts.

The incident made the news this week after reports revealed a customer of the high street estate agent discovered a large number of customers’ personal and financial info on the dark web.

This reportedly included over 16,000 card details, addresses and private messages, discovered by the individual on October 12 last year. A statement from Foxtons explained that its Alexander Hall mortgage broking business was hit by unspecified malware that same month, but that all the data was judged to be old and incomplete and to pose no danger to customers.

Tel Aviv-headquartered Kela has since been in touch with Infosecurity to reveal that the information was stolen as part of a ransomware attack on Foxtons.

Ransomware groups are increasingly stealing data before deploying their malware in so-called “double extortion” attacks designed to increase the pressure on corporate victims to pay up.

If victim organizations refuse to pay, then more data is usually leaked online.

“We don't suspect that this is a separate incident than the ransomware attack that occurred several months back, especially since the ‘customer’ that shared this data said he found it online on October 12, the same day that the victim was posted on Egregor's blog,” Kela’s spokesperson explained.

They did question why only 1% of the data allegedly stolen had been posted online so far. However, a note on the group’s blog claims that data is being sold privately.

In any case, the link to the original data is currently broken and the Egregor group blog had previously been taken offline for several weeks, leading some to speculate that its operations may have been deliberately disrupted.

Egregor first came to light in September/October 2020 just as the infamous Maze group was winding down its operations. Attacks on US bookstore Barnes & Noble and video game developers Ubisoft and Crytek presaged scores of successful compromises around the world.