Zaha Hadid Architects held to ransom by cybercriminals

Guest post by Michael Prewett.

This is definitely not something you want to see when you turn on your computer Monday morning! This screenshot is from the infamous NotPetya ransomware that wreaked havoc on the world in mid-2017, causing approximately $10 billion worth of damage to businesses worldwide.

Ransomware has continued to rise in popularity as the tool of choice for cyber-criminals and unfortunately has gone from an “It will never happen to me” to a “When might it happen to me?” question for most businesses. It doesn’t matter how big or small your business is, or whether you hold valuable information: the aim is to stop you from accessing the files that matter to you.

The idea behind ransomware, a form of malicious software, is simple: Lock and encrypt a victim’s computer or device data, then demand a ransom to restore access. Additionally, ransomware gangs are now purportedly also releasing stolen information on the dark web if the ransom demands are not paid.

For those in the AEC industry, it’s particularly notable that Zaha Hadid Architects (ZHA) suffered a ransomware attack on April 21, finding messages left on its server saying that internal company data had been encrypted and would only be released if it negotiated a ransom settlement with the cyber criminal. A spokesperson from the firm issued the statement below:[1]

“With all our 348 London-based staff working from home during this pandemic and cybercriminals poised to exploit the situation, we strongly advise the architectural community to be extremely cautious.”

Fortunately, ZHA was in a good position: the data was backed up, so the encryption of some server information was not a serious problem. It is unknown, though, how much information has been stolen. Additionally, its employees were locked out of the server and forced to reset passwords, so remedying the situation meant significant downtime and therefore lost revenue.

Initially the firm had not notified its clients, as it could not guarantee the security of its communication systems, but it later issued the following:

“Data protection and privacy is extremely important to us and this is why we regretfully have to announce that on 21 April we experienced a security breach and theft of data in a ransomware attack.”

“We immediately worked to secure our network and reported the incident to the authorities. With minimal disruption to the work of our teams, we continue to investigate any criminal theft of data with cyber specialists.”

In Australia, legislation requires that any data breaches be reported to the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breach Scheme.[2]

Unfortunately, there is no “magic bullet” for defeating ransomware, but there are some helpful guidelines published by the Australian Government that can help put your company in a strong position to minimise the risks these attacks pose.

This list is called The Essential Eight[3] and covers items such as using multi-factor authentication, having daily backups and restricting applications on your computers.

If you would like help reviewing your cybersecurity posture – please contact us on 1300 735 926 or email us at



More about Michael

Michael Prewett is passionate about cyber security, innovation and new technology, and how to apply it to real world business cases. He also likes to find ways to use existing technology in new ways to improve the customer experience.

You can connect with him on LinkedIn at