Hackers exploit coronavirus crisis to steal data from architect

Zaha Hadid Architects has issued a warning to practices to be vigilant after falling victim to cyber attackers who stole confidential information.

ZHA confirmed that hackers encrypted some of its internal data and tried to extort money from the practice in exchange for its return.

hacker

Source: Shutterstock

Experts have warned the covid-19 crisis is being used by hackers to steal data from firms who have relocated to home working

The criminals used malicious ransomware software to carry out their attack.

Earlier this month the UK鈥檚 National Cyber Security Centre (NCSC) warned that the frequency and severity of covid-19-related cyber attacks was likely to increase over the coming weeks.

ZHA 350 staff 鈥 who are all working from home during the lockdown 鈥 discovered a message on their server last week announcing the attack. It said some of ZHA鈥檚 private data had been encrypted and would only be released in exchange for a ransom payment.

The practice鈥檚 directors refused to negotiate and instead called in cyber security experts to investigate. On their advice ZHA reported the case to the Information Commissioner鈥檚 Office.

The firm said it was also 鈥渢aking further steps in liaising with the relevant authorities as advised by our team of specialists鈥, although 黑洞社区鈥檚 sister title 黑洞社区 Design understands the matter has not been reported to the police. Scotland Yard said it did not have a record of a complaint.

It is not clear how much information was stolen in the attack but ZHA said the data was backed up and that the attack had caused 鈥渕inimal disruption鈥.

Paul Chichester, director of operations at the NCSC, said this month that the surge in home working, and an increased use of potentially vulnerable services such as virtual private networks, 鈥渁mplified鈥 the threat to individuals and organisations.

He added: 鈥淢alicious cyber actors are adjusting their tactics to exploit the covid-19 pandemic.鈥

ZHA issued a statement this week saying: 鈥淒ata protection and privacy is extremely important to us and this is why we regretfully have to announce that on 21 April we experienced a security breach and theft of data in a ransomware attack.

鈥淲e immediately worked to secure our network and reported the incident to the authorities. With minimal disruption to the work of our teams, we continue to investigate any criminal theft of data with cyber specialists.

鈥淲ith all our 348 London-based staff working from home during this pandemic and cyber criminals poised to exploit the situation, we strongly advise the architectural community to be extremely cautious.

鈥淎s the data affected by this breach is private information, we would appreciate media outlets not promoting this illegal breach of privacy should any data be made public.鈥

Earlier this month the practice鈥檚 biggest UK scheme to date, a two-tower scheme at Vauxhall, was approved by a planning inspector.