Luxury fashion house Zegna confirms August ransomware attack

The Italian luxury fashion house Ermenegildo Zegna has confirmed an August 2021 ransomware attack that resulted in an extensive IT systems outage.

The disclosure came in today’s filing of an SEC Form 424B3, which updates the company's investment prospectus to alert investors to the business disruption and data breach risks posed by sophisticated cyberattacks.

To highlight the potential investment risks, the report provides an example of a ransomware attack that hit the firm in August 2021, impacting most of its IT systems and causing a large-scale interruption.

Zegna underlines that they did not engage with the ransomware actors in negotiating a ransom payment, so they had to restore from backups in the weeks that followed the incident.

While Zegna had previously disclosed unauthorized access to their systems at the time, it was not until today’s SEC filing that they confirmed it was a ransomware attack.

“In August 2021, we were subject to a ransomware attack that impacted the majority of our IT systems. As we refused to engage in discussions relating to the payment of the ransom, the responsible parties published certain accounting materials extracted from our IT systems,” reads Zegna’s SEC filing.

“We publicly announced the IT systems breach and gradually restored our IT systems from secure backup servers during the weeks following the breach.”

As the filing updates the prospectus to address risks to investors, it also warns:

“A malfunction that results in a wider or sustained disruption to our business could have a material adverse effect on our business, results of operations, and financial condition. In addition to supporting our operations, we use our systems to collect and store confidential and sensitive data, including information about our business, our customers and our employees.

Any unauthorized access to our information systems may compromise the privacy of such data and expose us to claims as well as reputational damage. Ultimately, any significant violation of the integrity of our data security could have a material adverse effect on our business, results of operations, and financial condition.”

RansomEXX claimed the attack

Last year, the RansomEXX operation claimed responsibility for the attack and published data as a way to further extort the victim into paying a ransom.

The leaked data was stolen from Zegna’s systems and was published by the ransomware gang on the day the firm announced the attack.

Zegna’s entry on the RansomEXX leak portal (Bleeping Computer)

As part of the attack, the threat actors claim to have copied 20.74 GB of data, which they offered in password-protected ZIP files. At this time, Zegna’s listing on the leak portal has allegedly received 483,000 visits.

List of leaked files still offered on the RansomEXX Tor site (BC)

Unfortunately, Zegna’s filing confirms the authenticity of the leaked data, but they did not comment on the impact on clients and partners.

This is the same ransomware group that has hit corporate giants such as Konica Minolta in August 2020, GIGABYTE in August 2021, and more recently, Hellmann Worldwide.
