Earlier this week Randstad announced that its network
was attacked by Egregor ransomware, attack which led to data theft
Unencrypted. Randstad is a staffing agency and the largest in the entire
world with 38 offices spread over several countries and owner of the famous
Monster.com Employment Website. The company generated 23.700 million euros and
more than 38.000 people employed in 2019.
This week the Egregor group published a message stating the
Randstad data theft during this cyberattack. The leaked data is a
Archive of 32,7 MB containing inside 184 Files More, among these files according to
Egregor reports accounting spreadsheets are included, Financial Reporting,
Legal Documents and Other Miscellaneous Business Documents, the total of the
stolen data is equivalent to a 1% of total company data.
After the publication by Egregor on the
attack, Randstad released a safety notification confirming that it had been
victim of the Egregor group. According to the company in the statement, They only saw each other
a limited number of servers were affected and the internal network of the
company and its business operations were not affected by continuing to
Usual functionality.
The company has confirmed in the statement the data theft,
but that they are still investigating the scope of the data theft.
At the moment, the company believes that only its operations have been affected
in the U.S., Poland, Italy and France. The investigation is still ongoing to
to know if there has been theft of personal data in order to take the necessary measures to
respect and notify relevant parties.
Randstad is the third victim of the ransomware operation
Egregor in a week after successful attacks on department stores
Kmart and Metro Vancouver's TransLink transit system.
Egregor is a new ransomware-as-a-service operation (RaaS)
where the cybercriminal partners with affiliates to compromise networks and
Deploy Your Ransomware. In this agreement, Members receive a 70% of payment
For the rescue, while Egrergor operators receive a 30%.
Operation Egregor began operations in mid-September
of 2020 shortly after the notorious ransomware group known as
Maze will cease its operation, which allowed Egregor's new operation
increase their attacks quickly due to the change of Maze operators
by Egregor.