The MediaMarkt Ransomware
MediaMarkt, one of the world’s largest electronics retailers, has been hit by the Hive ransomware, which has demanded an initial ransom of $240 million. IT systems in the Netherlands and Germany have been shut down, and shop operations have been interrupted as a result of the attack.
As per the information that has been revealed, a Hive Ransomware infected MediaMarkt’s servers and workstations late Sunday night into Monday morning, forcing the company to shut down its IT infrastructure to stop the malware from spreading.
What is Hive ransomware capable of?
Since its inception in June 2021, Hive ransomware has been used to infect enterprises through phishing scams that include malware. The threat actors typically spread the infection over a network and steal unencrypted data that later they can utilize in extortion demands.
The ransomware group has been known to search for and destroy any backups in order to prevent the victim from regaining access to their files. Aside from targeting Windows, Hive ransomware has also developed variations that encrypt Linux and FreeBSD systems.
Hive ransomware is known to steal files before applying its encryption and publish them on its “HiveLeaks” data breach site in the event of no payment of the ransom demanded by the cybercriminals.
Details about the attack
Several retail outlets in Europe, particularly in the Netherlands, were the target of the attack, according to information shared by security researchers.
Currently, affected stores’ cash registers do not accept credit cards or issue receipts. The outage of the systems caused by the ransomware also prevents refunds due to the fact that there is no access to previous purchases databases. The online sales are in operation, though, and function as normal.
The initial ransom that the Hive Ransomware gang has demanded was a hefty $240 million for a decryptor of the sealed data. Researchers are commenting that it is a common practice for many ransomware gangs to ask for unrealistically high ransom in the beginning, in order to allow room for negotiation, but they typically reduce that amount in the end.
MediaMarkt has confirmed that it has suffered a cyberattack on the MediaMarktSaturn Retail Group and its national organizations. As per the statement, the company has alerted the authorities immediately and is working at full speed to detect and recover any damage caused. As a result of the incident, some services may not be available at the shops at the moment, however, MediaMarktSaturn is hoping to be able to provide all of its services without any restrictions via all of its sales channels as soon as possible.
MediaMarkt personnel has been instructed to avoid encrypted systems and to unplug cash registers from the network, according to local media sources.
European consumer electronics giant MediaMarkt has more than 1,000 outlets across 13 countries. An estimated 53,000 people work at MediaMarkt, which generates annual revenue of €20.8 billion.