The Egregor ransomware has attacked the Chilean multinational retail corporation Cencosud, affecting services at its stores.
Cencosud hit by Ransomware
With over 140,000 staff and a turnover of $15 billion in 2019, Cencosud is one of Latin America’s leading retail companies. Cencosud operates several store chains, including Easy home goods, Jumbo supermarkets and the Paris department stores, in Argentina, Brazil, Chile, Colombia and Peru.
The company was hit by a ransomware attack this weekend, and its operations were affected because devices in its retail outlets were encrypted. It has been announced that retail outlets are still accessible, but some facilities are affected.
According to reports, shoppers in some of the shops have been shown a notification warning that services such as accepting their “Cencosud cards”, accepting returns and taking online orders may not be accessible due to technical issues.
The Egregor Ransomware
As soon as the attack was announced, security researchers from BleepingComputer obtained and analyzed the ransom notification displayed by the malware and confirmed that the strike on Cencosud was carried out by Egregor ransomware. According to them, the malware targeted the Cencosud Windows domain. The retail company, however, has not yet officially named the malware responsible for the assault.
Egregor is a newly reported threat that operates as a ransomware-as-a-service (RaaS) and has been known in cybersecurity circles since the middle of September this year. This new RaaS seems to be gaining popularity among threat actors, as more and more hackers are turning to it.
It has been reported that, as Cencosud’s devices were encrypted by Egregor, the printers in several retail stores located in Argentina and Chile started printing out ransom-demanding notes.
This printing function is a recognized “feature” of the Egregor ransomware program. Once the data on a given computer has been encrypted, ransom notes are immediately printed on the attached printers. If the attack is carried out on an entire network of computers, this may result in thousands of ransom notes being printed throughout the company.
In other ransomware assaults, the ransom note contains links that prove the theft of data. Egregor’s ransom note doesn’t have any, but this ransomware service is known for secretly stealing unencrypted information before deploying the malware.
So far, Cencosud has not released more details on the attack, and it has yet to be clarified how exactly the compromise happened. The amount of the ransom demanded has not been disclosed, nor has the data that was affected.