The Fashion Group International’s 10-person office has pretty much been electronically immobilized since its computer system was hacked Friday.
The New York-based nonprofit notified the Federal Bureau of Investigation after “thousands” of files were encrypted by an unidentified domain with an Eastern European-sounding name seeking payment for the key to release them, according to FGI’s chief technology officer Bruce Borner.
This story first appeared in the November 19, 2014 issue of WWD. Subscribe Today.
“There is no group. The Web site is some bizarre name that says ‘Pay to’ what sounds like an Eastern European name and then a slash, and the key that represents us.com,” he said. “The question is, we paid it on Friday, but are they really going to send us the key?”
After the group’s annual Tastemakers luncheon Tuesday, FGI’s president Margaret Hayes said, “I don’t understand why they would go after the Fashion Group, with all due respect. Unless it is such a pervasive business that they attack small and random [groups.] We’re not a big corporation. We’re a small not-for-profit within the fashion industry. I couldn’t figure out why we were targeted, unless these are not people who have anything to say about we-hate-Fashion-Group. I believe it really is random.”
Hayes added, “The basic idea is that someone opened up something that they should have not opened up because there is a lot of bad stuff that comes in via e-mail, etc. We have placed a report [with the FBI] to try to see if we can figure out what happened. It’s never happened before and it’s pretty devastating to lose your files for a week to 10 days and nor can you be sure they will be replaced.”
Borner said, “They want $500, which is reasonable, considering the damage. People have said, ‘Well, go to your backups,’ but the problem is that anything that is attached to the system is at risk of being affected.”
As requested, FGI paid in Bitcoins, but that process is slower than expected, according to Borner. “You would think if you buy something you get it right away, but it takes four days to get the Bitcoins. And that’s kind of a sleazy business, too.”
Still uncertain whether the hackers will abide by their Bitcoin-funded ransom, FGI is also waiting for some insight from the FBI. “There was a form that I filled out and then I got a reply from this other division, which said, ‘We’ll get back to you. Don’t reply to this,’” Borner said.