Egypt’s Fawry unveils results of cybersecurity probe after Nov. 8 ransomware attack news

Egyptian e-payment giant, Fawry announced on Sunday the completion of a comprehensive investigation and analysis of its cybersecurity infrastructure after news circulating earlier this month about a breach of its systems by ransomware attacker LockBit.

The investigation saw Fawry engage Group-IB, a renowned creator of cybersecurity technologies that investigates, prevents and fights digital crime, in order to investigate an incident after LockBit published a data sample on its dedicated leak site on November 8, which was allegedly stolen during a breach of Fawry’s infrastructure.

As of November 24, Group-IB’s Digital Forensics and Incident Response (DFIR) team has confirmed that Fawry’s production segment, the live environment which hosts the myfawry, banking applications, Acceptance, Retail and Fawry Plus, was out of scope of the LockBit ransomware attack and not subject to a breach, the statement read.

This assessment supports Fawry’s initial November 9 announcement that its live production environment had not been subject to a breach and that no banking and card data have been exfiltrated from the platform.

The team also confirmed, however, that an isolated part of Fawry’s testing environment, which is used to model and trial changes to its platform, and is completely isolated from its production environment has been subject to a previous attack.

The ransomware attack successfully encrypted some files and allegedly exfiltrated data. Fawry remains confident that the exfiltrated data will not impact financial transactions on its platform. However, the company believes it may have included the personal details of some customers whose information had been on the testing platform as part of a system migration projects.

These details include contact information such as customers’ addresses, phone numbers, and dates of birth.  While they do not pose a security risk to financial transactions, if any customer is concerned about their account, advice is available on Fawry’s website, or by calling the Fawry customer care centre.

Group-IB also deployed its most up-to-date proprietary advanced monitoring technologies solution across 100 percent of Fawry’s server infrastructure. Both segments – production and testing environments – are clean as of November 24 of LockBit presence. The Fawry team performed a 100 percent incident eradication of observed indicators of LockBit code, and Group-IB experts also confirmed the completion of the network cleanup.