Egregor Ransomware Steals Data from Recruiter Randstad

Egregor Ransomware Steals Data from Recruiter Randstad

One of the world’s largest recruitment agencies has become the latest victim of a serious ransomware attack, after being hit by the Egregor variant.

Randstad claims to have 280,000 clients and operations in 38 countries. Its 38,000 employees helped to generate nearly €24bn ($29bn) in revenue last year.

However, the self-styled “number one recruitment agency in the world” revealed in a statement late last week that it “recently” became aware of malicious activity on the network.

It appears as if the firm manged to escape any major operational impact, but it has suffered a data breach.

“Prompt global action was taken to mitigate the incident while further protecting Randstad’s systems, operations and data. As a result, a limited number of servers were impacted. Our systems have continued running without interruption and there has not been any disruption to our operations,” it explained.

“To date, our investigation has revealed that the Egregor group obtained unauthorized and unlawful access to our global IT environment and to certain data, in particular related to our operations in the US, Poland, Italy and France. They have now published what is claimed to be a subset of that data.”

An investigation into exactly what has been accessed is currently underway, so that relevant parties can be notified. As a major recruiter, Randstad would have access to troves of personal data from job-hunters.

The firm said the relevant regulatory authorities and law enforcement agencies have been notified, and that it doesn’t appear as if any third-party systems were impacted by the attack.

Egregor first came to light in September, when the ransomware-as-a-service group appeared to rise from the ashes of the now-defunct Maze gang. Since then, it has quickly ramped up activity, with the number of victim organizations soaring 240% between September and October, according to Digital Shadows.

The ransomware itself was designed with code obfuscation and packed payloads, in a bid to deter analysis by researchers.

Leave a Reply