Group-IB DFIR team contracted by Fawry to provide incident response support following LockBit attack

Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has been contracted by Fawry, one of the largest Egyptian e-payment companies, to investigate an incident after the ransomware group LockBit, on November 8 published on its dedicated leak site (DLS) a sample of data allegedly stolen during a breach of Fawry’s infrastructure.

Fawry selected Group-IB, which has more than two decades of Incident Response experience, due to Group-IB’s specialization in solving highly complicated cases and the fact that Group-IB Threat Intelligence has tracked LockBit since the group’s inception. Both Group-IB and Fawry coordinated on and consented to the publication of this statement.

As of November 24, Group-IB’s Digital Forensics and Incident Response (DFIR) team can confirm Fawry’s production segment was out of scope of the LockBit ransomware attack, and that data was exfiltrated from Fawry’s testing environment during a past attack.

Group-IB’s DFIR team started its incident response engagement on November 9. Over the course of three days, they deployed the company’s proprietary advanced monitoring solutions across 100% of Fawry’s server infrastructure. Both segments — production and testing environment — are clean as of November 24 of LockBit presence. The Fawry team has performed 100% incident eradication for observed indicators of LockBit compromise, and Group-IB experts confirmed the completion of network cleanup.

At the time of writing, Group-IB’s advanced monitoring solutions are covering 100% of Fawry’s production and testing environments, as confirmed by Fawry’s infrastructure team.

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, citizens, and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gambling, financial services, manufacturing, crypto, and more.

The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.

Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.

The comprehensive suite includes the world’s most trusted Threat Intelligence, The most complete Fraud Protection, AI-powered Digital Risk Protection, Multi-layered protection with Managed Extended Detection and Response (XDR), All-infrastructure Business Email Protection, and External Attack Surface Management.

Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 77,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.

Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.

Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.