Egregor ransomware group breaks into Randstad and gains access to data

The ransomware group Egregor has broken into the employment agency and HR office Randstad. In addition, the cyber criminals were given access to sensitive data that mainly related to Randstad’s American, Polish, Italian and French operations.

Randstad writes about a ‘recent’ cyber attack in which the ransomware group gained access to the ‘global IT environment and certain data’. Egregor claims to have put some of the data online, according to the employment agency. The company is still investigating which data the criminals had access to and whether personal information was included. It is therefore not yet clear whether personal data of, for example, temporary workers has now been disclosed.

The employment agency said it was able to stop the attack quickly, so that only ‘a limited number’ of servers were affected. As a result, business operations could continue ‘undisturbed’. Systems of other parties do not appear to have been affected by the attack. The relevant government bodies and police services have been informed, according to Randstad. To stop the attack, Randstad made use of its own incident team and external cyber security experts.

Although Randstad does not specify that it was a ransomware attack, it is very similar. Egregor is known only as a ransomware group that has been active since September. This group would previously have been responsible for the hack on Ubisoft, in which the source code of Watch Dogs: Legion was allegedly stolen. The ransomware works similar to Maze. The malware not only encrypts files, but steals them as well. The criminals promise to release these files if a company pays the ransom.