Randstad, global recruitment giant, confirms Egregor ransomware attack

Randstad NV, a major personnel agency, has announced that its computer networks were compromised through an attack by the Egregor ransomware; threat actors would have stolen sensitive information before encrypting the attacked networks. This company employs more than 38,000 people worldwide, generating million-dollar revenue each year.

A few days ago, Egregor’s operators published on their website that, according to their estimates, they managed to extract 32.7 MB that could account for up to 1% of the files protected by Randstad. Committed information includes financial reports, payroll details, legal documentation, among other private records.

La imagen tiene un atributo ALT vacío; su nombre de archivo es randstad07122020.jpg

After the cybercriminals posted this information on its platform, the company issued a statement to confirm the incident, noting that the cyberattack only affected a small number of servers, so its normal activities were not disrupted. Randstad mentions that the stolen information does not appear to be related to its customers.

“Our internal investigation revealed that a hacking group gained unauthorized access to our IT environment, specifically in our operations in the United States, Italy, Poland and France. We continue to investigate to identify which data set was compromised so that we can take the necessary action.”

This is one of the hacking groups that boast the most successful attacks every week, especially highlighting the incident that occurred on TransLink in Metro Vancouver or the Kmart warehouse chain. According to specialist reports, Egregor is a newly undertaken operation specially dedicated to ransomware as a service (RaaS). This operation model allows malware creators to get 30% of the profits generated by criminal groups tasked with deploying the attacks.

It appears that Egregor began trading in mid-September 2020 after a prominent ransomware group known as Maze closed its operations. On several occasions alleged members of the hacking group have claimed that virtually the entire Structure of Maze moved to Egregor, which allowed for growth in the group’s criminal activity.