View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 21, 2023

Handbag maker Radley London victim of RansomHouse cyberattack?

The gang claims to have encrypted and stolen 600 gigabytes worth of data from the luxury goods manufacturer.

By Claudia Glover

Luxury handbag maker Radley London has appeared on the dark web victim blog of cybercrime gang RansomHouse. The gang claims to have lifted 600GB of data from the company, though no ransom demand or deadline for payment appears to have been issued.

Radley London posted to RansomHouse victim blog. (Photo by Richard Oldroyd/Shutterstock)

A manufacturer of premium handbags and other accessories UK-based Radley London was founded in 1988 and reported a turnover of £47.5m in 2022.

The RansomHouse post claims to have encrypted the company’s data on 29 August. This suggests that communications may have broken down between the company and the cybercriminal gang, as hackers often post company names and threats publicly to ramp up the pressure in negotiations.

“Dear Radley and Co” reads the post, “We are sure that you are not interested in your confidential data to be leaked or sold to a third party. We highly advise you to contact us.”

Radley London was posted to the blog alongside US law firm Hawkins, Delafield and Wood, with the hackers stating they encrypted part of the business’s systems on 3 September. It is not known if a ransom demand has been issued.

A Radley spokesperson said: “We recently identified and contained an IT security incident which caused some disruption to our business operations. We immediately took the affected part of our systems offline and began investigating what happened in partnership with external forensic specialists.

“We have restored our system from clean, unaffected back-ups and are returning the business back to normal ways of working. Our stores remain open as usual and our website is available for online customers.”

Content from our partners
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business
When it comes to AI, remember not every problem is a nail

The spokesperson added that the company has “informed our colleagues and will continue liaising closely with our partners and the relevant authorities as we progress our investigations.”

Is RansomHouse a group of disgruntled bug bounty hunters?

RansomHouse has been active since at least 2021, and normally extorts companies by lifting sensitive data and charging them to keep it quiet. The current attacks, however, claim to be encrypting data, hinting that the gang may be crossing over into ransomware.

Cybersecurity researchers have previously suggested that the gang may be comprised of disgruntled bug bounty hunters, as its demeanour is more professional and focused than other groups. 

A blog post by security company MalwareBytes has detailed that RansomHouse was “seen as polite and focused and not easily swayed away into irrelevant conversations”. The group also claimed it is “pro-freedom”, “very liberal”, and won’t have anything to do with radical hacktivists or espionage groups.

But it later made headlines for implementing a devastating attack on the Hospital Clinic de Barcelona, reducing staff to using pen and paper. Over 150 surgeries were reportedly cancelled, along with 3,000 appointments and 400 pieces of analysis, prompting investigations from both Europol and Interpol.

Last year, RansomHouse also attacked the Government of Vanuatu, a chain of islands in the south-western Pacific Ocean. The attack was ongoing for over one month and led to the loss of 3.2TB of data. 

Read more: Donut ransomware gang hits UK IT services provider

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.