LockBit Saga Unfolds: Fawry Claims Live System Integrity, Acknowledges Testing Environment Breach

Fawry has successfully concluded an extensive investigation and analysis of its cybersecurity infrastructure in response to recent speculation regarding a potential breach by the ransomware attacker, LockBit.

To address the incident, Fawry enlisted the expertise of Group-IB, a renowned cybersecurity technology creator specializing in the prevention, investigation, and combatting of digital crime. The need for investigation arose when LockBit published a data sample on its dedicated leak site on November 8th, claiming it was obtained during a breach of Fawry’s infrastructure.

As of November 24, Group-IB’s Digital Forensics and Incident Response (DFIR) team has definitively confirmed that Fawry’s production segment, which encompasses the live environment hosting myfawry, banking applications, Acceptance, Retail, and Fawry Plus, remained unaffected by the LockBit ransomware attack and experienced no breach.


This confirmation aligns with Fawry’s initial announcement on November 10, asserting that its live production environment had not been compromised, and no banking or card data had been illicitly accessed or exfiltrated.

However, the investigation revealed that an isolated section of Fawry’s testing environment, designed for modeling and trialing changes to the platform and entirely separate from the production environment, had been subject to a prior attack. This attack successfully encrypted certain files and purportedly exfiltrated data.

Fawry maintains confidence that this compromised data will not impact financial transactions on its platform. Nevertheless, the company acknowledges the possibility that it may include personal details of certain customers whose information was present on the testing platform as part of system migration projects. This information encompasses contact details such as addresses and phone numbers, along with customers’ dates of birth. While these details do not pose a security risk to financial transactions, Fawry advises concerned customers to seek guidance on the Fawry.com website or by contacting the Fawry customer care center.


Group-IB has further implemented its proprietary advanced monitoring technology solution across 100% of Fawry’s server infrastructure. Both the production and testing environments have been confirmed as clean as of November 24, with no presence of LockBit. The Fawry team has executed a 100% eradication of observed LockBit code indicators, and Group-IB experts have verified the successful completion of the network cleanup.

Charles Rapulu Udoh

Charles Rapulu Udoh is a Lagos-based lawyer who has several years of experience working in Africa’s burgeoning tech startup industry. He has closed multi-million dollar deals bordering on venture capital, private equity, intellectual property (trademark, patent or design, etc.), and mergers and acquisitions, in countries such as Delaware, New York, the UK, Singapore, the British Virgin Islands, South Africa, Nigeria, etc. He’s also a corporate governance and cross-border data privacy and tax expert.
As an award-winning writer and researcher, he is passionate about telling the African startup story, and is one of the continent’s pioneers in this regard.