Moncler group hit by a ransomware attack, with data leaked after a ransom demand of $3M worth of Bitcoin or Monero failed...
Moncler, an Italian luxury fashion brand, recently discovered a ransomware attack after stolen data was published on leak sites on the Tor network. The data breach took place back in December and was carried out by AlphV/BlackCat, the first professional ransomware strain developed in the Rust programming language. In the last week of last year, Moncler experienced an interruption in its IT services but gave assurances that this would not go beyond a temporary outage.
MalwareHunterTeam, in association with Recorded Future, discovered this malware strain, ALPHV aka BlackCat, targeting Windows, Linux, and VMware ESXi systems, with few victims at the time. According to Michael Gillespie, BlackCat is a "very sophisticated" ransomware, and its author, ALPHV/AlphaV, was speculated to have been part of the infamous REvil ransomware operations.
Following the announcement, Moncler admitted that the data compromised during the ransomware attack, including details of the fashion brand's employees, former employees, suppliers, consultants, business partners, and customers, was exposed across the web.
Earlier in December, BlackCat was frequently advertised as Ransomware-as-a-Service (RaaS) on various popular dark web forums by AlphaV/ALPHA. Like other ransomware groups, it follows the double-extortion model, coercing victims with the threat of leaking the stolen data if they fail to pay the ransom. Ransom demands made by AlphaV/BlackCat range from a few hundred thousand up to $3M worth of Bitcoin or Monero. Moncler reportedly refused to make the ransom payment, which resulted in the data being leaked.
There have not been any confirmed reports of financial data loss, as Moncler did not host such data on its servers.
“With regard to information linked to customers, the company informs that no data relating to credit cards or other means of payment have been exfiltrated, as the company does not store such data on its systems,” reads a statement shared by the AlphaV (BlackCat) ransomware gang with Bleeping Computer. “Moncler reminds that all information in possession of cybercriminals is the result of illegal activities and that consequently, the acquisition, use, and dissemination of the same constitutes a criminal offense.”
Moncler stated that further distribution or possession of the stolen data would be considered a criminal offense.
The Italian Data Protection Authority was also duly informed about this ransomware attack, along with Moncler's stakeholders, as Moncler has been the very first victim of AlphaV/BlackCat since the beginning of December 2021. Despite being a new ransomware, AlphaV/BlackCat has a robust operational structure, features, and a thought-out approach to all stages of a ransomware attack. Currently, they are expanding their team of operators by offering them between 80% and 90% of the final ransom obtained, depending on its value. Their operations have hit only a small number of victims across the USA, Australia, and India, and they target only "rich customers" for their victim list.