Egregor Ransomware locks down retail giant billing machines

461

Egregor ransomware that has a history of targeting multinational organizations operating across the world has this time hit South American retail giant Cencosud. And what’s interesting in this hacking and encryption drama is that the ransom notes are not only being displayed on the infected windows machines, but are also seen displayed at the checkout machines used at the retail outlets in Chine and Argentina.

Cencosud is yet to react to the speculations being circulated in the media. But a spokesperson confirmed that the digital infrastructure of the company was down because of a technical issue, and the IT staff of the company was looking for a fix as quickly as possible.


A video published on Bleeping Computer shows us the evidence that the billing machines are spitting out the ransom note that clearly proves that whole of the data has been encrypted.

The ransom note is demanding the victim to contact the hackers within 3 days to fix the issue. Or else those spreading Egregor claim to sell the data on the dark web after the specified time frame.

Security analysts say that since September 2020, Egregor operations witnessed a steady raise after the retirement declared by Maze Ransomware gang. And some feel that the said ransomware group is targeting companies that Maze previously targeted but failed in encrypting the data.

Note- Till date, Egregor apparently targeted around 52 companies and this includes some big names such as Foxtons Group, Barnes & Noble, Crytek, Ubisoft, Granite Gear LLC, Diana Shipping, Talon Commercial Services, Eros Group, Louis Berger, AEON Co, Emirates Fire Fighting Services, ClearPath Security LLC, and GEFCO.