Zaha Hadid Architects has warned other architecture and design practices to be alert for cyber hackers during the coronavirus pandemic after its servers were hacked and ransomed.

The firm discovered that a computer in its London office had been remotely accessed last week. It later received a message on its server saying internal company data had been encrypted and would only be released if it negotiated a ransom settlement with the cyber hackers.

ZHA declined and contacted a cyber-forensics team to investigate. It told Architect’s Journal that its story should serve as a cautionary tale for other practices.

“With all our 348 London-based staff working from home during this pandemic and cyber criminals poised to exploit the situation, we strongly advise the architectural community to be extremely cautious,” it said.

“We immediately worked to secure our network and reported the incident to the authorities. With minimal disruption to the work of our teams, we continue to investigate any criminal theft of data with cyber specialists.”

A now-deleted tweet from an anonymous account on Thursday included screenshots of hacked payroll and cash book information, but while ZHA said it didn’t know how much information had been taken, it was confident no project data has been stolen or interfered with.

The practice asked staff to change its passwords and was able to return to working remotely by accessing backed up copies of the stolen data.

Cybercriminals use ransomware campaigns to extort money from victims by encrypting organisations or individuals’ data, or otherwise rendering their systems unusable. 

This type of cyber crime is on the rise with the average cost to a business in Australia estimated to be around $276,000.

The Australian Signals Directorate’s Australian Cyber Security Centre has developed prioritised mitigation strategies to help cyber security professionals in all organisations mitigate incidents caused by various cyber threats. 

It recommends improving security by making strong passwords, using an up-to-date virus scanner, making sure wireless internet networks are password protected and secure, using two-factor authentication software and regularly updating operating systems.

Lead photograph: Christopher Gower.