back to article Clop ransomware gang clips sensitive files from Atlantic Records' London ad agency The7stars, dumps them online

A London ad agency that counts Atlantic Records, Suzuki, and Penguin Random House among its clients has had its files dumped online by a ransomware gang, The Register can reveal. The7stars, based in London's West End, filed [PDF] revenues of £379.36m up from £326m, gross billing of £426m and net profit of £2.1m for the year …

  1. MiguelC Silver badge
    Thumb Up

    Good for them not to pay up!

    that's all.

    1. TeeCee Gold badge

      Re: Good for them not to pay up!

      I agree and I'd go further.

      Any organisation should be granted immunity from prosecution under data protection laws in such circumstances[1]. It should be a crime, with draconian penalties attached, to pay the useless parasites.

      [1] i.e. when a third party has broken in and nicked it for publication. Let's face it, if your house is burgled you do not get done for "aiding and abetting" if you do not have the best locks available installed.

      1. Cynical Pie

        Re: Good for them not to pay up!

        Re the 'best locks' ... Actually under DP rules you do expect them to get the best locks they can afford. DP principles require security to be 'appropriate' so what this company should do needs to be appropriate based on their available finances and situation.

        While you might not expect them to have the same level of technical security as HMRC or the NHS you would expect them to have more sophisticated tech than an accountant who is a Sole Trader.

        If they haven't employed obvious security measures such as patching and the like they would have breached GDPR.

        All that said the fact this is a criminal attack would be mitigation against any enforcement action.

  2. Alan J. Wylie

    The IT angle? Charlie Stross is one of Random Penguin's authors.

    1. nematoad

      "The IT angle?"

      Well I would have thought that the fact that the perpetrators actually hacked in to The7stars' system and exfiltrated a large amount of data would have placed this incident firmly in the "IT" category.

  3. Version 1.0 Silver badge

    A positive option?

    I think it might be interesting to create a database that essentially is just advertising (full of fairly fake information) and leave it open online ... when it gets accessed and stolen you would get some free adverts everywhere.

  4. Anonymous Coward
    Anonymous Coward

    A photo from a party is easier to deal with than before and after pics of your boob job.

    As always, "a sophisticated ransomware attack", I call bollocks. It will be a standard hack of a windows network carried out under the nose of the clueless pointy, clicky IT dept.

    Try taking security seriously BEFORE the hack happens.

    1. John Brown (no body) Silver badge

      Re: A photo from a party is easier to deal with than before and after pics of your boob job.

      "Try taking security seriously BEFORE the hack happens."

      Like not storing unencrypted scans of passports?

  5. sanmigueelbeer

    a spokesperson for the7star told The Register

    No deeply-regrets-the-incident-remains-committed-to-the-privacy-and-security blurb?

    Either the company is very honest (they are not regretting about the incident and/or not equally committed about the privacy and security) or they forgot.

  6. MachDiamond Silver badge

    Not paying up

    If you are a hospital and your patient records have all been compromised, you may not have a choice. Just the money that could be lost from not having billing records could well exceed the payment demands. You take your lumps and hopefully learn from the episode.

    Spending the money on top quality IT is important these days. Having deep backups. Keeping records offline that don't need to be online. Maintaining separate systems so a junior staff member in the housekeeping department can't click the wrong link while on break and lock up the whole of R&D's work on next year's product introductions. Computerizing things was suppose to lower costs and increase efficiency. Did the people on the C level just hoover up all of that money?

    I've seen photos of pre-calculator days when offices were full of clerks that kept track of things. It's like design departments that were a football pitch of draftsman all creating drawings one at a time. My drafting table has been in the garage for ages and I still have a big case full of pencils, templates, scales, you name it. I keep telling myself that I'll find a place to set it up someday. hmmmmmm.

    1. Adelio

      Re: Not paying up

      Ahh, America and patient billing. Well, i can believe that most of the "insurance" money gets spend on anything except patiend care. What a wonderful system.

      I am glad I live in the UK with the NHS rather than an 18th century healthcare system designed for the wealthy. THe NHS is not perfect, but at least it is free (If you live here)

      1. Anonymous Coward
        Anonymous Coward

        The NHS also has it's own version of patient billing.

        Everyone who has any medical interaction with a hospital will have their treatment documented and costed, with the figures heading off to a government dept so that the hospital can reclaim the mony.

        This leads to teams of people being paid real money so they can administer a system whose sole only is to reclaim gevernmental inter-department plastic pennies.

        Still, I suppose it will be so much easier for the incompetants who govern us to sell off the family silver when the hospital cost/profit ratio is known.

      2. Anonymous Coward
        Anonymous Coward

        Re: Not paying up

        yep U.S. insurance companies are a scam, skimming at every position, patient, hospital, DR, every device, stack up tall at the end of the day. It is the #1 cost of health care in the US. But don't mistake UK healthcare as free, you and everyone else pay taxes for it. UK actual cost is much lower at the end of the day in the UK, not being skimmed at every chance. Getting the US to that without running off doctors (what happens in many countries that suddenly nationalize healthcare) isn't an easy path. These companies in the US have a very tight grip on politicians and businesses - I don't see things changing in my lifetime.

  7. Anonymous Coward
    Anonymous Coward

    Air gap network isolated seems to be the only solution here. Slightly inconvenient but hopefully more secure.

  8. Big_Boomer Silver badge

    You can't keep all the threats off your system because you actually employed some of them. To mitigate ransomware threats you need to a) encrypt anything sensitive and b) BACKUP YOUR DATA. Other than that implement some basic intrusion prevention and maybe educate your idiots,.. sorry staff to NEVER CLICK on links in emails is about the best you can manage. Air-gapped systems are all well and good for military or research but not much use for an Ad Agency whose business relies on internet access.

    1. Potemkine! Silver badge

      " b) BACKUP YOUR DATA"

      c) Store your backups outside of your network

      d) test restoration from time to time.

      maybe educate your idiots

      Education: that's the most important part. Whatever the technical means, we can maybe deflect 1/3 of the attacks. The rest lies into the hand of users. they are the first line of defence, they must be integrated into the protection system. So shout the message, shout it again (education is also repetition), and again and again every 3 months.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like