MediaMarkt was hit by a ransomware attack late Sunday night into Monday morning, encrypting servers and workstations and forcing the company’s IT infrastructure to be shut down to prevent the attack from spreading.
According to BleepingComputer, the attack hit a number of retail outlets across Europe, particularly in the Netherlands.
While online sales continue to operate normally, cash registers at affected establishments are unable to accept credit cards or produce receipts. Due to the inability to look up past transactions, the system outage is also limiting returns.
Internal MediaMarkt messages, according to local media, advise employees to avoid encrypted systems and disconnect cash registers from the network.
According to screenshots of suspected internal exchanges posted on Twitter, the hack compromised 3,100 servers. However, at this time, BleepingComputer has been unable to verify those claims.
The Hive Ransomware operation is behind the attack, according to BleepingComputer, and requested a massive, but unrealistic, $240 million ransom to acquire a decryptor for encrypted files.
Ransomware gangs frequently demand high ransoms at first to allow for negotiation, and they usually only get a portion of what they seek. However, BleepingComputer has been told that during the attack on MediaMarkt, it was nearly automatically lowered to a significantly smaller quantity.
Hive ransomware is a relatively new operation that began in June 2021 and has been known to infiltrate organisations via malware-laced phishing tactics.
Threat actors will migrate laterally around a network after gaining access to it, taking unencrypted files to be utilised in extortion demands.
When they acquire admin access to a Windows domain controller, they use the ransomware to encrypt all devices on the network.
The ransomware group is infamous for searching for and deleting backups in order to prevent the victim from recovering their data.