Cyber-forensics team summoned after Zaha Hadid Architects cyberattack

Server Terror

Cyber-forensics team summoned after Zaha Hadid Architects cyberattack

Principal of Zaha Hadid Architects, Patrik Schumacher. (Wikimedia Commons)

Zaha Hadid Architects (ZHA) swiftly alerted authorities after falling victim to a ransomware attack last week.

The London-based firm first reported the incident to investigators on April 21 after discovering confidential data had been encrypted and held hostage by a hacker or hackers who had managed to infiltrate the company’s private servers. The cyber-thief left messages announcing the crime and demanding an undisclosed ransom settlement. As the Architects’ Journal first reported, a now-deleted anonymous Twitter also account posted screenshots of payroll and financial information following the breach.

ZHA did not respond to the threat directly, and upon discovering the breach brought in a cyber-forensics team. It’s also unclear how much data was stolen, although it’s believed that no specific project information was pilfered. As a result of the breach, employees were briefly locked out of the company servers and forced to change their passwords. Additionally, “it is understood clients have not yet been made aware of the security breach, as the company could not yet guarantee its communications system was secure,” wrote the Architects’ Journal.

Although the firm doesn’t have any reason to believe it was specifically targeted, ZHA believes that hackers are prying on the vulnerabilities of companies that, like itself, have fully transitioned into work-from-home mode during the coronavirus pandemic.

“With all our 348 London-based staff working from home during this pandemic and cyber criminals poised to exploit the situation, we strongly advise the architectural community to be extremely cautious,” a spokesperson for ZHA told the Architects’ Journal. “Data protection and privacy is extremely important to us and this is why we regretfully have to announce that on 21 April we experienced a security breach and theft of data in a ransomware attack. We immediately worked to secure our network and reported the incident to the authorities. With minimal disruption to the work of our teams, we continue to investigate any criminal theft of data with cyber specialists.”

As recently reported by Reuters, reported incidents of hacking activity against companies in the United States and abroad has more than doubled “by some measures” over the past month as a record number of workers access sensitive information stored on servers via virtual private networks (VPNs) while housebound.

“There is a digitally historic event occurring in the background of this pandemic, and that is there is a cybercrime pandemic that is occurring,” Tom Kellermann, a cybersecurity strategist with software and security company VMware Carbon Black, told Reuters. “It’s just easier, frankly, to hack a remote user than it is someone sitting inside their corporate environment.”