This article is more than 1 year old

Posh Spice's perfume people pop up in Maze ransomware gang extortion effort

♫ Now don't go wasting my precious time! Pay the ransom quickly and we'll be just fine ♫ (no, don't)

The Maze ransomware gang has struck again – this time targeting an American M&A practice which counts former Spice Girl Victoria Beckham as one of its clients.

Posh Spice's corporate tentacle, which flogs perfume and suchlike to the great unwashed, is a client of Threadstone Advisors LLP, a New York corporate advisory firm specialising in mergers 'n' acquisitions.

The Maze ransomware gang, which has made a habit over the last few months of targeting ever-higher profile targets to extort money out of them, posted what appeared to be files extracted from Threadstone's servers on its dark web blog.

Among those were the name, phone number and office address of someone appearing to be the practice's managing director. Meanwhile, Threadstone's website prominently boasts of having Victoria Beckham as a client on its homepage.

Screenshot of Threadstone Partners' homepage with Victoria Beckham listed as a client

Screenshot of Threadstone Partners' homepage with Victoria Beckham listed as a client

Neither Victoria Beckham's people nor Threadstone responded to The Register's emailed questions about the apparent breach.

"I'll tell you what I want, what I really, really want – for companies to bolster their security so they do not find themselves in the position of needing to pay ransom demands," said infosec firm Emsisoft's threat analyst Brett Callow, despite our best efforts to stop him.

He added: "While companies continue to pay, the attacks will continue. And as the amounts demanded are constantly increasing, the crims have more and more to invest in ramping up their operations in terms of both scale and sophistication – which means more victims and even more for the crims to invest. The only way to reverse this trend is to cut off the cash flow."

While there is nothing to suggest that Threadstone or Posh Spice have paid any ransom demands yet, nor that they plan to, the typical ransomware crook only begins selective leaking in an effort to apply further pressure to the target in the hope of securing a bribe not to publicly disclose stolen data.

In the rarefied world of corporate M&A in the fashion industry, plenty of corporate secrets – chiefly, prices paid and breakdowns revealing the valuation of individual product lines, brand names or business units – would be of great interest to the market at large.

British government advice is never to pay a ransom or engage with ransomware crooks. Paying them, as Emsisoft's Callow observed, merely fuels their criminality. Keep frequent backups and test your ability to rebuild from those backups, right from the bare bones if need be. ®

More about

More about

More about


Send us news

Other stories you might like