A cybercriminal group has hacked London-based enterprise Zaha Hadid Architects, and tried to extort funds from it using malicious ransomware.

The hackers’ ransom demands follow a successful raid on the firm’s servers, which resulted in a data breach and the theft of private information on a computer located at the architect’s studio on Bowling Green Lane.

Zaha Hadid Architects informed the police of the online infiltration after it discovered messages posted on its company server announcing that some of the firm’s internal data had been tampered with. The messages stated that confidential data was encrypted, and Zaha Hadid Architects would only regain access to it following negotiations with the hacker resulting in a financial settlement.

A strong stance against cybercrime

Following discovery of the hackers’ messages, Zaha Hadid Architects opted not to enter dialogue with the cybercriminals responsible but instead enlisted the aid of a forensics team to undertake an investigation and determine the nature and extent of the company data breach.

Overall, the encrypted data has not disrupted the business. Although personnel were temporarily denied access to the server while it was locked down and needed to alter passwords, the firm routinely backs up its company information so had access to the encrypted data. However, it is not yet known precisely how much data has been taken, and the hackers threatened the firm via an anonymous Twitter account, posting a now-removed tweet that featured screenshots of cash book and payroll information obtained in the hack.

Exploiting the current climate

With many company employees making the move to work remotely in the wake of the coronavirus outbreak, cybercriminals are taking advantage of the situation. Through unsecure access points to company computers and servers used by staff working at home, hackers are seeking ways to penetrate security defences.

The architectural firm believes the attack was not specifically made against it, as its investigation suggests no company project data has been interfered with or stolen. However, it has made a statement warning other practices in the architectural community of the potential threats from hackers during the COVID-19 pandemic.

A spokesperson for Zaha Hadid Architects said:

“With all our 348 London-based staff working from home during this pandemic and cybercriminals poised to exploit the situation, we strongly advise the architectural community to be extremely cautious. Data protection and privacy is extremely important to us and this is why we regretfully have to announce that on 21 April we experienced a security breach and theft of data in a ransomware attack.”

Commenting on the actions it took, the firm added:

“We immediately worked to secure our network and reported the incident to the authorities. With minimal disruption to the work of our teams, we continue to investigate any criminal theft of data with cyber specialists.”

Reports indicate that the data stolen from Zaha Hadid Architects includes a wide range of the company’s confidential records and internal messaging, including life insurance information, employee details, financial documents, staff contracts and dumps from email inboxes.