CrimeJun 30, 2022
What JSA’s Annual Report Tells Us About Jewelry Crime in 2021TechnologyJul 12, 2022
Graff’s Ransomware Payment Not an Unusual Move, Expert Says
The high-end jeweler reportedly paid a $7.5 million ransom to a group of hackers and is suing its insurance company to cover the loss.
London—Graff Diamonds reportedly paid a $7.5 million ransom in Bitcoin to the hackers responsible for a ransomware attack on its systems last fall, a decision that is not unusual for large companies today, one expert says.
Ransomware is malware that uses encryption to hold a victim’s system or personal data hostage, basically, and demands payment to get them back.
Following the attack on Graff, Conti, the group that took credit for it, leaked data about the brand’s clients, such as their names and, potentially, their home addresses.
Graff counts many high-end clients and celebrities as customers, and the data breach included leaked data about the royal families in Saudi Arabia, the United Arab Emirates, and Qatar, prompting Conti to issue an apology to the families involved, an unusual move for the group.
Conti threatened to leak more of Graff’s data if the ransom wasn’t paid.
Though it tried to avoid paying, the high-end jeweler eventually offered $7.5 million, half the original ransom amount, and Conti accepted, according to Bloomberg, which broke the story. The jeweler paid in Bitcoin.
Graff is also suing its insurance company, The Travelers Companies Inc., in a London court for the losses, arguing that its policy should cover the ransom payment.
“The criminals threatened targeted publication of our customers’ private purchases. We were determined to take all possible steps to protect their interests and so negotiated a payment that successfully neutralized that threat,” a Graff spokesperson told National Jeweler.
“Regrettably, these commercial decisions are all too common these days. Insurers know this, which is why we are extremely frustrated and disappointed by Travelers’ attempt to avoid settlement of this insured risk. They have left us with no option but to bring these recovery proceedings at the High Court.”
The Travelers Companies did not respond to a request for comment by press time.
Related stories will be right here …
Ransomware is malware that uses encryption to hold a victim’s system or personal data hostage, basically, and demands payment to get them back.
Following the attack on Graff, Conti, the group that took credit for it, leaked data about the brand’s clients, such as their names and, potentially, their home addresses.
Graff counts many high-end clients and celebrities as customers, and the data breach included leaked data about the royal families in Saudi Arabia, the United Arab Emirates, and Qatar, prompting Conti to issue an apology to the families involved, an unusual move for the group.
Conti threatened to leak more of Graff’s data if the ransom wasn’t paid.
Though it tried to avoid paying, the high-end jeweler eventually offered $7.5 million, half the original ransom amount, and Conti accepted, according to Bloomberg, which broke the story. The jeweler paid in Bitcoin.
Graff is also suing its insurance company, The Travelers Companies Inc., in a London court for the losses, arguing that its policy should cover the ransom payment.
“The criminals threatened targeted publication of our customers’ private purchases. We were determined to take all possible steps to protect their interests and so negotiated a payment that successfully neutralized that threat,” a Graff spokesperson told National Jeweler.
“Regrettably, these commercial decisions are all too common these days. Insurers know this, which is why we are extremely frustrated and disappointed by Travelers’ attempt to avoid settlement of this insured risk. They have left us with no option but to bring these recovery proceedings at the High Court.”
The Travelers Companies did not respond to a request for comment by press time.
Shayne Caffrey, marketing manager and cybersecurity awareness training lead for LeeShanok Network Solutions, echoed what Graff Diamonds said it its statement—ransom payouts like this are fairly common today.
“Deciding whether to pay the ransom is a cost/benefit analysis. It can make a lot of sense to pay up when you can’t safely restore from a backup,” he said in an email to National Jeweler.
Once a business does decide to pay, it becomes a negotiation, going back and forth on price like in any deal until it becomes worth it for both sides.
“In this case, the initial $15 million demand may not have been worth it, but $7.5 million was,” Caffrey said. “Hackers would rather get something than nothing. This calculated approach means ransoms get paid more often than any of us would like.”
He also noted there’s rarely a guarantee that hackers will unencrypt the data even once the ransom is paid.
Caffey offered businesses two recommendations to reduce the chances of becoming a victim of cybercrime.
The first is to require every employee to undergo cybersecurity awareness training annually, with a particular focus on phishing prevention.
According to IBM, 95 percent of breaches result from human error, and the only way to fix that is through education, he noted.
But rather than using the common online training modules, Caffrey suggested bringing in a cybersecurity expert to deliver a live training, either in-person or virtually.
“In my experience, those trainings are much stickier.”
The second tip is to create a strong Backup and Disaster Recovery (BCDR) Strategy.
“Implementing these strategies can seem expensive on the surface, but they are often a fraction of the cost of paying a ransom, or even paying increased insurance premiums after a breach,” Caffrey said.
“Plus, it feels a lot better to restore your environment to a pre-ransomware instance than to reward the hackers by paying a ransom.”
More tips businesses can use to protect themselves from the Jewelers Security Alliance can be found in National Jeweler’s original story reporting on the Graff attack.
More on Technology
The Latest
CrimeMay 23, 2025
JSA Shares Holiday Weekend Security Tips Amid Spike in BurglariesJSA’s Scott Guginsky provided a list of nine security measures jewelers should observe while locking up for the long weekend.
CollectionsMay 23, 2025
Piece of the Week: Bliss Lau’s ‘Bright’ RingFrom Lau’s “Love of a Kind” series, the engagement ring was inspired by the moon and holds a different meaning depending on how it is worn.
GradingMay 23, 2025
GIA Updates Pearl Classification SystemThe lab has adjusted the scale it uses for nacre grading.
Brought to you by
Clienteling Isn’t a Buzzword. It’s an Essential Business Model.More shoppers are walking out without buying. Here’s how smart jewelers can bring them back—and the tool they need to do it right.
Supplier BulletinMay 22, 2025
How to Put Natural Diamonds Back in the SpotlightSponsored by GCAL by Sarine
Weekly QuizMay 22, 2025
This Week’s QuizTest your jewelry news knowledge by answering these questions.
CrimeMay 22, 2025
NY Jeweler Sentenced in Shoving Death of Colleague at IJO ShowDavid Walton will serve three years’ probation after an incident in a hotel bar led to the death of West Virginia jeweler David Ettinger.
FinancialsMay 22, 2025
Watches of Switzerland’s Full-Year U.S. Sales Climb 14% The retailer also provided an update on how the tariffs situation in the U.S. is affecting its business.
Brought to you by
Las Vegas Antique Jewelry & Watch Show: Showcasing the Most Collectible Merchandise from Across the GlobeGain access to the most exclusive and coveted antique pieces from trusted dealers during Las Vegas Jewelry Week.
IndependentsMay 22, 2025
Adeler Jewelers Celebrates 50 YearsThe family-owned jeweler in Great Falls, Virginia, will be celebrating its golden jubilee with a year’s worth of events.
Events & AwardsMay 22, 2025
Jose Hess Design Awards Announce JudgesThe nonprofit elected five judges who will decide the winners of its design competition.
MajorsMay 22, 2025
MJSA Releases 2025-2026 Buyer’s GuideThis year’s edition includes articles on the favorite tools of notable designers, evaluating when to outsource production, and more.
CollectionsMay 21, 2025
Bulgari Highlights Its Colorful Past in Phenomenal ‘Polychroma’ CollectionThe jeweler’s high jewelry collection features extraordinary gemstones, like a 241.06-carat emerald and the world’s fourth-largest spinel.
ColumnistsMay 21, 2025
Edahn’s Take: Analyzing the 2025 ‘$100 Million Supersellers’ List In a special column for the State of the Majors, Edahn Golan breaks down what the top-performing fine jewelry sellers are doing right.
MajorsMay 21, 2025
Beyoncé Dons Brilliant Earth Necklace During Cowboy Carter TourThe bolo tie necklace is inspired by “Queen Bey” and set with a nearly 15-carat black diamond.
SourcingMay 21, 2025
Gem Legacy Expands Advisory CouncilThe nonprofit focused on mining communities in East Africa has added three new members to its advisory council.
MajorsMay 20, 2025
Annie Doresca to Lead DCA as New CEO, PresidentCurrent Diamond Council of America President and CEO Terry Chandler is set to retire in January 2026.
FinancialsMay 20, 2025
QVC Group to Voluntarily Delist from NasdaqThe company's Series A shares will continue to trade following a reverse stock split while its Series B shares will be delisted.
ColumnistsMay 20, 2025
Peter Smith: Leading Through ChangeCommunicating clearly with your staff is key to navigating turbulent times, writes columnist Peter Smith.
IndependentsMay 20, 2025
Luis Morais Opens Flagship, Launches Collection Celebrating 25 YearsThe “Inner Journey” collection debuted as the brand celebrated its 25th anniversary, with designs inspired by Morais’ journey.
MajorsMay 20, 2025
Tanishq Opens Seventh U.S. StoreTanishq is expanding its presence in the United States with a new store in Santa Clara, California, which is its largest in the country.
FinancialsMay 19, 2025
Jewelry Sales a Standout for Richemont in 2024Sales for Richemont’s four jewelry brands increased 8 percent, while watch sales picked up toward the end of the year.
Events & AwardsMay 19, 2025
NAJA Opens Scholarship Applications for 2025Two scholarships are available, one for new and non-members and another for NAJA certified members.
IndependentsMay 19, 2025
Day’s Jewelers to Open Ninth LocationThe retailer’s new flagship is set to open in October at the Tuscan Village development in Salem, New Hampshire.
SourcingMay 19, 2025
State of Colored Stones: The Big Three in the Modern WorldSapphires, emeralds, and rubies are finding their place in a U.S. market captivated by the gemstones once referred to as “semi-precious.”
MajorsMay 16, 2025
Saks Fifth Avenue, Amazon Partner on Luxury Online StorefrontPlus, parent company Saks Global announces plans to cut ties with up to 600 vendors.
Recorded WebinarsMay 16, 2025
Watch: Physical Retail Is Not DeadPeter Smith joined Michelle Graff to chat about the state of brick-and-mortar stores and share a few book and podcast recommendations.
CollectionsMay 16, 2025
Piece of the Week: Tejen’s ‘Candy Bowl’ Torque NecklaceThe necklace features a candy-colored Australian white opal in 18-karat Fairmined gold, as the brand was named a Fairmined ambassador.
