Luxury fashion house Zegna confirms August ransomware attack

Italian luxury fashion house Ermenegildo Zegna confirmed a ransomware attack in August 2021 that led to a major outage of IT systems.

The disclosure came in today’s filing of an SEC Form 424B3 that updates their investment prospectus to alert investors to risks of business disruption and data breaches from sophisticated cyberattacks.

To highlight potential investment risks, the report provides an example of a ransomware attack that hit the company in August 2021, impacting most of its IT systems and causing a large-scale disruption.

Zegna points out that they did not engage with the ransomware actors in negotiating a ransom payment, so they had to restore from backups in the weeks following the incident.

While Zegna previously disclosed unauthorized access to its systems at the time, it wasn’t until today’s SEC filing that they confirmed it was a ransomware attack.

“In August 2021, we were the subject of a ransomware attack which impacted the majority of our IT systems. As we refused to engage in discussions relating to the ransom payment, officials released certain accounting extracted from our computer systems,” reads Zegna’s SEC filing.

“We publicly announced the computer systems breach and gradually restored our computer systems from secure backup servers over the weeks following the breach.”

As the filing updates the prospectus to address risks to investors, it also cautions:

“A malfunction resulting in a broader or lasting disruption to our business could have a material adverse effect on our business, results of operations and financial condition. In addition to supporting our operations, we use our systems to collect and store confidential and sensitive data, including information about our company, our customers and our employees.

Any unauthorized access to our information systems may compromise the confidentiality of this data and expose us to claims and damage to our reputation. Ultimately, any material breach of the integrity of our data security could have a material adverse effect on our business, results of operations and financial condition.”

RansomEXX claimed the attack

Last year, the RansomEXX ransomware operation claimed responsibility for the attack and released the data as a way to further extort the victim into paying a ransom.

The leaked data was stolen from Zegna’s systems and released by the ransomware gang the day the company announced the attack.

Zegna’s entry on the RansomEXX leak portal

As part of the attack, the threat actors claim to have copied 20.74 GB of data, which they offered in password-protected ZIP files. As of now, Zegna’s listing on the leak portal is said to have received 483,000 hits.

List of files still offered on the RansomEXX Tor site

Unfortunately, Zegna’s filing confirms the authenticity of the leaked data, but they have not commented on the impact on customers and partners.

This is the same ransomware group that hit giants such as Konica Minolta in August 2020, GIGABYTE in August 2021, and more recently Hellmann Worldwide.