Analyzing the Cybersecurity Breach at All We Wear Group by the Underground Team

Incident Date: May 04, 2024

Attack Overview

VICTIM: All We Wear Group
INDUSTRY: Retail
LOCATION: Spain
ATTACKER: Underground Team
FIRST REPORTED: May 4, 2024

Analysis of the Underground Team Ransomware Attack on All We Wear Group

Company Profile

Founded in 2006, All We Wear Group (AWWG) is a prominent player in the global fashion industry, housing iconic brands such as Pepe Jeans London, Hackett, and Façonnable. The company operates more than 5,000 points of sale across 54 countries and employs over 4,200 individuals. With a projected revenue of approximately 655 million euros for the fiscal year 2023/24, AWWG stands out due to its diverse brand portfolio and strong market presence.

Details of the Ransomware Attack

The cyberattack on AWWG was executed by the Underground Team, a notorious ransomware group. The attack targeted the company's Spanish website, awwg.com, leading to the exfiltration of 204.9 GB of sensitive data. The data spanned several decades, dating back to 1987, and included financial records, legal documents, and personally identifiable information (PII) of employees and board members.

The compromised data was extensive, featuring passports, IDs, addresses, emails, social security numbers, phone numbers, job offers, payroll data, and non-disclosure agreements among other sensitive information. The full dataset has been published on the dark web, posing significant privacy and security risks to the individuals and entities involved.

Characteristics of Underground Team Ransomware

Underground Team ransomware is known for its sophisticated 64-bit GUI and utilizes a variety of commands to disrupt victim systems. These include deleting backups, modifying registry settings, and halting critical services like MSSQLSERVER. The ransomware leverages API functions to identify system volumes and deploys its ransom note across multiple system folders, while selectively encrypting files and directories.
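The behaviors listed above (backup deletion, registry modification, stopping MSSQLSERVER) are individually common in normal administration, so a defender usually alerts on their combination on one host within a short window. The following is an added detection example, not code from the report or from Halcyon; the command-line patterns, the `timestamp|host|command` log format, the host names and the five-minute window are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Behaviour categories come from the text above; the command patterns are
# assumed common Windows forms, not commands quoted in the report.
RULES = {
    "backup_deletion": re.compile(
        r'\b(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)', re.I),
    "service_stop": re.compile(r'\b(net1?|sc)(\.exe)?\s+stop\s+"?MSSQLSERVER\b', re.I),
    "registry_change": re.compile(r'\breg(\.exe)?\s+add\b', re.I),
}
WINDOW = timedelta(minutes=5)  # assumed correlation window

# Constructed sample process-creation events: timestamp|host|command line
SAMPLE_LOG = r"""2024-01-15T02:10:01|FIN-SRV01|net.exe stop MSSQLSERVER /y
2024-01-15T02:10:40|FIN-SRV01|vssadmin.exe delete shadows /all /quiet
2024-01-15T02:11:05|FIN-SRV01|reg.exe add HKLM\SOFTWARE\ExampleVendor /v Demo /d 1 /f
2024-01-15T09:15:00|DBA-WS07|net stop MSSQLSERVER
2024-01-15T14:30:00|DBA-WS07|reg add HKCU\Software\ExampleVendor /v Theme /d dark /f
not-a-timestamp|DBA-WS07|vssadmin delete shadows /all
truncated line without fields"""

def parse(log):
    """Yield (datetime, host, command) and skip malformed lines."""
    for line in log.splitlines():
        parts = line.split("|", 2)  # pipes inside the command stay intact
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def classify(cmd):
    """Return the set of behaviour categories a command line matches."""
    return {name for name, rx in RULES.items() if rx.search(cmd)}

def detect(log, min_categories=2):
    """Map host -> categories when enough distinct ones fall inside WINDOW."""
    hits = defaultdict(list)
    for ts, host, cmd in parse(log):
        hits[host].extend((ts, cat) for cat in classify(cmd))
    alerts = {}
    for host, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            cats = {c for t, c in events[i:] if t - start <= WINDOW}
            if len(cats) >= min_categories:
                alerts[host] = sorted(cats)
                break
    return alerts
```

On the constructed log, only FIN-SRV01 is flagged; DBA-WS07 shows two of the behaviors hours apart, which the window treats as routine administration.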

The primary infection vector for this ransomware is typically phishing emails containing malicious attachments or links to compromised websites. These emails are crafted to appear legitimate, tricking users into initiating the ransomware's deployment.

Vulnerabilities and Industry Impact

AWWG's significant digital footprint and extensive data repositories made it an attractive target for the Underground Team. The fashion industry, with its global supply chains and diverse customer data, remains particularly vulnerable to such attacks, which can lead to substantial financial and reputational damage.
