MediaMarkt, the Europe’s number one consumer online retailer, has admitted that its IT infrastructure is working abnormally under the influence of a sophisticated cyber attack that appears to be of ransomware variant.
The file encrypting malware attack started on Monday morning this week when several employees were unable to access systems and were informed not to use the billing machines until further instructions.
Because of this attack, customers going for a purchase at the physical premises of the store located across Netherlands, Belgium and Germany were asked to come again for returns or picking up their packages booked online. The points accumulated on their loyalty cards might also take some to reflect and redemption of gift vouchers have been halted.
Hive Ransomware gang is suspected to be behind the incident that locked down over 3200 servers related to Media Markt, as the hackers have encrypted even the backups meant to recover data when any untoward situation arises.
On the condition of anonymity, sources from the retail giant have reported to Cybersecurity insiders that its IT staff are working on negotiating a deal with the hackers who demanded $250 million as ransom on an initial note. But later chose to readily decrease the ransom demand to $50 million to be paid only in Bitcoins….a $200m dollar slash down….surprising isn’t it?
Note- Hive ransomware spreading group indulges in double extortion tactics, where they first steal data from a critical server of their target and then encrypt it until a ransom is paid. The said malware spreading gang was seen targeting healthcare related firms so far. But now it seems to have shifted its focus towards retail chain businesses.