Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific

Egyptian E-Payment Vendor Recovering From LockBit Ransomware Attack

Fawry confirms addresses, phone numbers, and dates of birth, leaked online.

Georgia Lewis, Contributing Writer

November 28, 2023

2 Min Read
Egypt flag with binary code running vertically and hooded figures in the background
Source: 3D generator via Alamy Stock Photo

The LockBit 3.0 ransomware group successfully encrypted files and also allegedly exfiltrated data from Egyptian e-payment provider Fawry.

Word of the breach went public when LockBit published on its dedicated leak site on Nov. 8 a sample of data that was allegedly stolen during the breach of Fawry’s infrastructure. The following day, cybersecurity monitoring platform Hackmanac claimed that the LockBit 3.0 ransomware attack had extracted the personal details of Fawry customers, leading to multiple banks advising customers to remove their account information from Fawry's platform. 

Hit Files and Data

In a statement this week about the attack, Fawry said: "Fawry remains confident that this data will not impact financial transactions on its platform, but the company believes it may have included the personal details of some customers whose information had been on the testing platform as part of a system migration project." It also confirmed that some of the leaked details include addresses, phone numbers, and dates of birth.

Group-IB was called in to investigate the incident on Nov. 9, and over three days, it deployed "proprietary advanced cybersecurity solutions across 100% of Fawry’s server infrastructure," declaring the production and testing environments to be "clean as of Nov. 23 of LockBit presence."

Anurag Gurtu, CPO and co-founder of StrikeReady, says the Fawry cyberattack is notable for several reasons, including that the breach occurred in an isolated part of Fawry's network.

He describes Fawry’s response to the breach as "proactive" given that it employed a cybersecurity firm to investigate the attack. Gurtu recommends that other financial services entities consider the impact of this incident, and for them to take "precautionary measures to protect against potential data misuse."

However, Sumatra Sarkar, associate professor at the School of Management at Binghamton State University of New York, criticized Group-IB and Fawry for the "limited information" released, making it "challenging to assess the adequacy of the response to the incident."

About the Author

Georgia Lewis

Contributing Writer, Freelance writer

Georgia has worked in Australia, the Middle East and the UK, writing about a wide range of industry sectors, including technology, energy and automotive. She is now a freelance tech journalist based in London.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights