Recruitment giant Randstad hit by cyber attack

Global recruitment giant Randstad has been hit with a cyber attack that has led to “unauthorised and unlawful access” to data related to operations in the US, Poland, Italy and France, the company has announced.

Randstad’s investigation has revealed that the Egregor group, which has rapidly gained notoriety worldwide since it was first observed in late September, was behind the attack. A Randstad spokeswoman told recruiter.co.uk that the malicious activity in its IT environment was first noticed on 28 October.

“An internal investigation… was launched immediately with our 24/7 incident response team. Third-party cyber security and forensic experts were engaged to assist with the investigation and remediation of the incident,” a Randstad statement said. 

“Prompt global action was taken to mitigate the incident while further protecting Randstad’s systems, operations and data. As a result, a limited number of servers were impacted. Our systems have continued running without interruption and there has not been any disruption to any of our operations.”

“To date,” the statement said, “our investigation has revealed that the Egregor group obtained unauthorised and unlawful access to our global IT environment and to certain data, in particular related to our operations in the US, Poland, Italy and France. They have now published what is claimed to be a subset of that data.

“The investigation is ongoing to identify what data has been accessed, including personal data, so that we can take appropriate action with regard to identifying and notifying relevant parties.”

According to the website Bleeping Computer, Egregor is “a new organised cybercrime operation that partners with affiliates to hack into networks and deploy their ransomware. As part of this arrangement, affiliates earn 70% of ransom payments they generate, and the Egregor operators make a 30% revenue share”. 

Bleeping Computer also reports that Egregor is the only ransomware known to run scripts that "print-bomb" ransom notes to available printers to draw public attention to the attack.

The Digital Shadows website said Egregor has a practice of “leaking companies’ sensitive data on a dark web-based ‘News’ website”. 

Within the last two days, Egregor cyber attacks have been reported on the high-profile Kmart retail chain and on the Metro Link transit system in Vancouver, British Columbia. By 17 November, the Egregor group had named 71 victims across 19 different industry verticals, Digital Shadows said.

The malware follows a double-extortion ransomware model in which the attackers complete a breach and then start to release data easily traceable to the victim organisation as proof, while demanding a significant ransom in exchange for not releasing more, Digital Shadows said.
