Graff’s Ransomware Payment Not an Unusual Move, Expert Says
The high-end jeweler reportedly paid a $7.5 million ransom to a group of hackers and is suing its insurance company to cover the loss.

Ransomware is malware that uses encryption to hold a victim’s system or personal data hostage, basically, and demands payment to get them back.
Following the attack on Graff, Conti, the group that took credit for it, leaked data about the brand’s clients, such as their names and, potentially, their home addresses.
Graff counts many high-end clients and celebrities as customers, and the data breach included leaked data about the royal families in Saudi Arabia, the United Arab Emirates, and Qatar, prompting Conti to issue an apology to the families involved, an unusual move for the group.
Conti threatened to leak more of Graff’s data if the ransom wasn’t paid.
Though it tried to avoid paying, the high-end jeweler eventually offered $7.5 million, half the original ransom amount, and Conti accepted, according to Bloomberg, which broke the story. The jeweler paid in Bitcoin.
Graff is also suing its insurance company, The Travelers Companies Inc., in a London court for the losses, arguing that its policy should cover the ransom payment.
“The criminals threatened targeted publication of our customers’ private purchases. We were determined to take all possible steps to protect their interests and so negotiated a payment that successfully neutralized that threat,” a Graff spokesperson told National Jeweler.
“Regrettably, these commercial decisions are all too common these days. Insurers know this, which is why we are extremely frustrated and disappointed by Travelers’ attempt to avoid settlement of this insured risk. They have left us with no option but to bring these recovery proceedings at the High Court.”
The Travelers Companies did not respond to a request for comment by press time.
Shayne Caffrey, marketing manager and cybersecurity awareness training lead for LeeShanok Network Solutions, echoed what Graff Diamonds said it its statement—ransom payouts like this are fairly common today.
“Deciding whether to pay the ransom is a cost/benefit analysis. It can make a lot of sense to pay up when you can’t safely restore from a backup,” he said in an email to National Jeweler.
Once a business does decide to pay, it becomes a negotiation, going back and forth on price like in any deal until it becomes worth it for both sides.
“In this case, the initial $15 million demand may not have been worth it, but $7.5 million was,” Caffrey said. “Hackers would rather get something than nothing. This calculated approach means ransoms get paid more often than any of us would like.”
He also noted there’s rarely a guarantee that hackers will unencrypt the data even once the ransom is paid.
Caffey offered businesses two recommendations to reduce the chances of becoming a victim of cybercrime.
The first is to require every employee to undergo cybersecurity awareness training annually, with a particular focus on phishing prevention.
According to IBM, 95 percent of breaches result from human error, and the only way to fix that is through education, he noted.
But rather than using the common online training modules, Caffrey suggested bringing in a cybersecurity expert to deliver a live training, either in-person or virtually.
“In my experience, those trainings are much stickier.”
The second tip is to create a strong Backup and Disaster Recovery (BCDR) Strategy.
“Implementing these strategies can seem expensive on the surface, but they are often a fraction of the cost of paying a ransom, or even paying increased insurance premiums after a breach,” Caffrey said.
“Plus, it feels a lot better to restore your environment to a pre-ransomware instance than to reward the hackers by paying a ransom.”
More tips businesses can use to protect themselves from the Jewelers Security Alliance can be found in National Jeweler’s original story reporting on the Graff attack.
The Latest

JSA’s Scott Guginsky provided a list of nine security measures jewelers should observe while locking up for the long weekend.

From Lau’s “Love of a Kind” series, the engagement ring was inspired by the moon and holds a different meaning depending on how it is worn.

The lab has adjusted the scale it uses for nacre grading.

More shoppers are walking out without buying. Here’s how smart jewelers can bring them back—and the tool they need to do it right.

Sponsored by GCAL by Sarine


David Walton will serve three years’ probation after an incident in a hotel bar led to the death of West Virginia jeweler David Ettinger.

The retailer also provided an update on how the tariffs situation in the U.S. is affecting its business.

Gain access to the most exclusive and coveted antique pieces from trusted dealers during Las Vegas Jewelry Week.

The family-owned jeweler in Great Falls, Virginia, will be celebrating its golden jubilee with a year’s worth of events.

The nonprofit elected five judges who will decide the winners of its design competition.

This year’s edition includes articles on the favorite tools of notable designers, evaluating when to outsource production, and more.

The jeweler’s high jewelry collection features extraordinary gemstones, like a 241.06-carat emerald and the world’s fourth-largest spinel.

In a special column for the State of the Majors, Edahn Golan breaks down what the top-performing fine jewelry sellers are doing right.

The bolo tie necklace is inspired by “Queen Bey” and set with a nearly 15-carat black diamond.

The nonprofit focused on mining communities in East Africa has added three new members to its advisory council.

Current Diamond Council of America President and CEO Terry Chandler is set to retire in January 2026.

The company's Series A shares will continue to trade following a reverse stock split while its Series B shares will be delisted.

Communicating clearly with your staff is key to navigating turbulent times, writes columnist Peter Smith.

The “Inner Journey” collection debuted as the brand celebrated its 25th anniversary, with designs inspired by Morais’ journey.

Tanishq is expanding its presence in the United States with a new store in Santa Clara, California, which is its largest in the country.

Sales for Richemont’s four jewelry brands increased 8 percent, while watch sales picked up toward the end of the year.

Two scholarships are available, one for new and non-members and another for NAJA certified members.

The retailer’s new flagship is set to open in October at the Tuscan Village development in Salem, New Hampshire.

Sapphires, emeralds, and rubies are finding their place in a U.S. market captivated by the gemstones once referred to as “semi-precious.”

Plus, parent company Saks Global announces plans to cut ties with up to 600 vendors.

Peter Smith joined Michelle Graff to chat about the state of brick-and-mortar stores and share a few book and podcast recommendations.

The necklace features a candy-colored Australian white opal in 18-karat Fairmined gold, as the brand was named a Fairmined ambassador.