Graff Diamonds paid millions of dollars to the Conti ransomware group — but is suing an insurer because it is refusing to cover the payout.
A luxury jeweler paid $7.5 million in Bitcoin to Russian hackers to stop confidential files from being leaked, it has emerged.
Graff Diamonds took action after confidential files relating to Donald Trump, David Beckham and Oprah Winfrey were published on the dark web.
Given how the files included invoices and receipts, the papers could have proved embarrassing if celebrities had purchased high-end jewelry for secret lovers.
The British-based firm had been targeted by the Conti ransomware group — and initially, the cybercriminals were demanding $15 million in BTC.
A new lawsuit reveals that Graff managed to negotiate with the gang, and ended up paying half of this amount.
The transaction took place on Nov. 3, 2021, when a single Bitcoin was worth $63,000. Days later, the world's biggest cryptocurrency hit a new all-time high.
Bizarrely, the hackers ended up apologizing after they released files relating to the royal families of Saudi Arabia, Qatar and the United Arab Emirates.
News of how much Graff Diamonds paid to Conti has emerged because the jeweler is now taking their insurer to court.
Graff has accused The Travelers Companies Inc. of refusing to pay out an insurance claim that covers the ransom payment to Conti.
The jeweler has alleged that the transaction could be covered under their policy — and now, legal proceedings have commenced at London's High Court.
A spokesperson told Bloomberg that the company has been "extremely frustrated and disappointed" by its insurer's actions, adding:
"The criminals threatened targeted publication of our customers' private purchases. We were determined to take all possible steps to protect their interests and so negotiated a payment which successfully neutralized that threat."
The issue of whether companies should pay crypto ransoms has sparked fierce debate.
Some cybersecurity experts warn that it emboldens cybercriminals to perform further attacks — and there are no guarantees that a threat will go away.
There have been cases where hackers have continued to demand additional payments in order to extort more money from victims.