Cencosud, one of the largest retail chains in Latin America, was hit by a ransomware attack this weekend. The perpetrators were the Egregor group, whose attack affected Cencosud’s network and halted some services in some of its stores. It’s not known what data was encrypted or how much ransom was demanded.
Egregor Hits Cencosud
Cencosud is a multinational company based in Chile, with branches in Colombia, Peru, Brazil, and Argentina. With over 140,000 employees and $15 billion in revenue (2019), Cencosud is one of Latin America’s largest retail chains. According to Clarín, an Argentinian media outlet, Cencosud was hit by a ransomware group this week.
The attack was noticed when an Easy store in Buenos Aires, part of Cencosud, stopped accepting the “Cencosud Card” and stopped handling pickups of web purchases and product returns. While Cencosud hasn’t blamed anyone yet, BleepingComputer claims that the Egregor ransomware group was behind this attack. It’s the same group that hit Barnes and Noble last month.
As per the ransom note obtained, the Egregor group has exploited the “Cencosud” Windows domain.
The note makes no mention of any links to the data they have stolen or of the amount of ransom they’re asking for. As for the perpetrator, the Egregor group first rose in September this year, following the Maze ransomware group’s shutdown.
It’s said that affiliates who worked for Maze ransomware are now connected to Egregor, a ransomware-as-a-service operation that works with independent hackers, who exploit vulnerabilities in companies’ networks and inject the ransomware to encrypt them.
As a result, the ransom paid by the victim is shared among the malware creators and the hackers.
Clarín has also mentioned that printers in several Easy home goods stores in Chile and Argentina were compromised, as they began printing out the attack’s ransom notes.
This is a built-in feature of the Egregor ransomware, which prints its ransom notes on printers connected throughout the network. It’s unknown what data was stolen and how much ransom they’re demanding.