Connect with us

Hi, what are you looking for?



HR Giant Randstad Hit by Egregor Ransomware

Human resources giant Randstad last week revealed that its IT systems were targeted in a recent cyberattack involving a relatively new piece of ransomware named Egregor.

Human resources giant Randstad last week revealed that its IT systems were targeted in a recent cyberattack involving a relatively new piece of ransomware named Egregor.

Netherlands-based Randstad is one of the world’s largest HR services providers, with more than 38,000 employees and operations in nearly 40 countries. The company claims it helped over 2 million people find a job last year and it reported a revenue of €23.7 billion ($28.7 billion).

Randstad said the incident impacted a limited number of servers and its operations have not been disrupted. However, it has confirmed that the attackers have accessed some data.

The cybercriminals behind the Egregor ransomware are known to steal data in addition to using the malware to encrypt the victim’s files, in an effort to increase their chances of getting paid. If a victim refuses to pay, the hackers either leak stolen data on a website that is accessible through the Tor network or they try to sell it to others.

“To date, our investigation has revealed that the Egregor group obtained unauthorized and unlawful access to our global IT environment and to certain data, in particular related to our operations in the US, Poland, Italy and France,” Randstad said in its statement. “They have now published what is claimed to be a subset of that data. The investigation is ongoing to identify what data has been accessed, including personal data, so that we can take appropriate action with regard to identifying and notifying relevant parties.”

The hackers have so far released roughly 60Mb of information stolen from Randstad systems. The leaked files are mainly financial documents, mostly PDFs and Excel spreadsheets, which they claim represents only one percent of the stolen files.

Randstad hit by Egregor ransomware

The operators of the Egregor ransomware recently also targeted TransLink, the transportation agency of Metro Vancouver in British Columbia, Canada. TransLink has reportedly decided not to pay the ransom, but there is no mention of the company on the Egregor website so far.

Advertisement. Scroll to continue reading.

Digital Shadows, a provider of digital risk protection solutions, whose researchers have been monitoring Egregor ransomware attacks, told SecurityWeek that the cybercriminals named 176 victims on their website between September 25 and December 2. A majority of victims are in the United States (82), followed by France (19), Italy (15) and Germany (9).

Related: University Project Tracks Ransomware Attacks on Critical Infrastructure

Related: IT Services Giant Sopra Steria Hit by Ransomware

Related: Canon Says Data Stolen in August 2020 Ransomware Attack

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...