Luxury handbag maker Radley London has appeared on the dark web victim blog of cybercrime gang RansomHouse. The gang claims to have lifted 600GB of data from the company, though no ransom demand or deadline for payment appears to have been issued.
A manufacturer of premium handbags and other accessories UK-based Radley London was founded in 1988 and reported a turnover of £47.5m in 2022.
The RansomHouse post claims to have encrypted the company’s data on 29 August. This suggests that communications may have broken down between the company and the cybercriminal gang, as hackers often post company names and threats publicly to ramp up the pressure in negotiations.
“Dear Radley and Co” reads the post, “We are sure that you are not interested in your confidential data to be leaked or sold to a third party. We highly advise you to contact us.”
Radley London was posted to the blog alongside US law firm Hawkins, Delafield and Wood, with the hackers stating they encrypted part of the business’s systems on 3 September. It is not known if a ransom demand has been issued.
A Radley spokesperson said: “We recently identified and contained an IT security incident which caused some disruption to our business operations. We immediately took the affected part of our systems offline and began investigating what happened in partnership with external forensic specialists.
“We have restored our system from clean, unaffected back-ups and are returning the business back to normal ways of working. Our stores remain open as usual and our website is available for online customers.”
The spokesperson added that the company has “informed our colleagues and will continue liaising closely with our partners and the relevant authorities as we progress our investigations.”
Is RansomHouse a group of disgruntled bug bounty hunters?
RansomHouse has been active since at least 2021, and normally extorts companies by lifting sensitive data and charging them to keep it quiet. The current attacks, however, claim to be encrypting data, hinting that the gang may be crossing over into ransomware.
Cybersecurity researchers have previously suggested that the gang may be comprised of disgruntled bug bounty hunters, as its demeanour is more professional and focused than other groups.
A blog post by security company MalwareBytes has detailed that RansomHouse was “seen as polite and focused and not easily swayed away into irrelevant conversations”. The group also claimed it is “pro-freedom”, “very liberal”, and won’t have anything to do with radical hacktivists or espionage groups.
But it later made headlines for implementing a devastating attack on the Hospital Clinic de Barcelona, reducing staff to using pen and paper. Over 150 surgeries were reportedly cancelled, along with 3,000 appointments and 400 pieces of analysis, prompting investigations from both Europol and Interpol.
Last year, RansomHouse also attacked the Government of Vanuatu, a chain of islands in the south-western Pacific Ocean. The attack was ongoing for over one month and led to the loss of 3.2TB of data.