Fawry issues Conclusion of cybersecurity investigation

Cairo, 26 November 2023:

Fawry has now completed a comprehensive investigation and analysis of its cybersecurity infrastructure, following speculation earlier this month about a breach of its systems by ransomware attacker LockBit.

Fawry engaged Group-IB, a leading creator of cybersecurity technologies that investigates, prevents and fights digital crime, to investigate an incident after the ransomware group LockBit published a data sample on its dedicated leak site on November 8th, which was allegedly stolen during a breach of Fawry’s infrastructure.

As of November 24, Group-IB’s Digital Forensics and Incident Response (DFIR) team has confirmed that Fawry’s production segment, the live environment which hosts the myfawry, banking applications, Acceptance, Retail and Fawry Plus, was out of scope of the LockBit ransomware attack and not subject to a breach.

This assessment supports Fawry’s initial announcement of November 10 that its live production environment had not been subject to a breach and that no banking and card data have been exfiltrated from the platform.

They have also confirmed, however, that an isolated part of Fawry’s testing environment, which is used to model and trial changes to its platform and is completely isolated from its production environment, has been subject to a previous attack.

The attack successfully encrypted some files and allegedly exfiltrated data. Fawry remains confident that this data will not impact financial transactions on its platform, but the company believes it may have included the personal details of some customers whose information had been on the testing platform as part of a system migration project.

These details include contact information such as addresses and phone numbers, in addition to customers’ dates of birth. While they do not pose a security risk to financial transactions, if any customer is concerned about their account, advice is available on the Fawry.com website, or by calling the Fawry customer care center.

Group-IB has also deployed its latest proprietary advanced monitoring technologies solution across 100% of Fawry’s server infrastructure. Both segments – the production and testing environments – are clean of LockBit presence as of November 24. The Fawry team has performed a 100% incident eradication of observed indicators of LockBit code, and Group-IB experts have confirmed the completion of the network cleanup.