Popular retail giant Walmart allegedly hit by the Yanluowang group

July 4, 2022

Walmart, a US-based multinational supermarket chain with an estimated annual revenue of $572.8B, has allegedly been breached by the Yanluowang ransomware group. The threat group claimed to have encrypted thousands of the retail firm’s computers, a claim that Walmart immediately denied.

According to a statement released by the retail giant, its IT team monitors its systems daily and found the threat group’s claim to be untrue.

On the other hand, the Yanluowang group said that 40,000-50,000 of Walmart’s computers were encrypted, threatening to publish the firm’s data if it refused to cooperate. Nonetheless, the retail giant insisted on denying the alleged attack, noting that its security team had not detected any malicious activity from any threat actor and that its computers remain safe.

The Yanluowang group has requested a ransom amounting to $55M from Walmart.

Yanluowang first announced its attack against the retail giant by posting a statement on its leak site. According to the post, the group encrypted Walmart’s computers, but the firm refused to cooperate, thus forcing the group to publish the news and some data samples on its site.

The threat group also reached out to security researchers and clarified that they have not stolen any data from the retail giant but have successfully encrypted their devices. The demand for a $55 million ransom, however, was snubbed by Walmart.

The leaked samples on Yanluowang’s site allegedly include data harvested from Walmart’s Windows domain during the attack, consisting of a security certificate, a list of domain users, and a report containing the output of a ‘Kerberoasting attack.’

Kerberoasting is a post-exploitation attack technique performed by cybercriminals who have gained access to a victim’s network, which allows them to collect Windows service accounts and their hashed NTLM passwords. Once the attackers have cracked the plaintext passwords, they will exploit them to elevate their privileges inside the Windows domain.
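For defenders, the service-ticket requests that Kerberoasting depends on are logged by domain controllers as Security Event ID 4769. The following detection sketch is an added example, not part of the original article or of any data from the incident; the sample events, account names, time window and threshold are constructed assumptions, while the field names follow the standard 4769 event.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"  # legacy etype; AES-enabled domains normally issue 0x11/0x12

def ev(t, user, svc, etype, status="0x0"):
    """Build one constructed Event ID 4769 record (illustrative values only)."""
    return {"TimeCreated": f"2024-01-15T{t}", "TargetUserName": user,
            "ServiceName": svc, "TicketEncryptionType": etype, "Status": status}

# Constructed sample log: one normal AES request, one burst of RC4 requests,
# and one account that uses RC4 only occasionally.
EVENTS = [
    ev("09:00:01", "alice@CORP.EXAMPLE", "svc_sql", "0x12"),
    ev("09:14:10", "bob@CORP.EXAMPLE", "svc_sql", "0x17"),
    ev("09:14:11", "bob@CORP.EXAMPLE", "svc_backup", "0x17"),
    ev("09:14:11", "bob@CORP.EXAMPLE", "svc_web", "0x17"),
    ev("09:14:12", "bob@CORP.EXAMPLE", "svc_iis", "0x17"),
    ev("09:14:12", "bob@CORP.EXAMPLE", "WKSTN042$", "0x17"),
    ev("09:30:00", "carol@CORP.EXAMPLE", "svc_legacy", "0x17"),
    ev("11:45:00", "carol@CORP.EXAMPLE", "svc_sql", "0x17"),
]

def flag_kerberoast_candidates(events, window=timedelta(minutes=5), threshold=4):
    """Return {account: services} for accounts that successfully requested
    RC4 tickets for >= threshold distinct service accounts within window."""
    per_account = defaultdict(list)
    for e in events:
        svc = e["ServiceName"]
        if e["Status"] != "0x0" or e["TicketEncryptionType"].lower() != RC4_HMAC:
            continue
        if svc.endswith("$") or svc.lower() == "krbtgt":
            continue  # machine accounts and the TGT service are routine noise
        when = datetime.fromisoformat(e["TimeCreated"])
        per_account[e["TargetUserName"]].append((when, svc))

    flagged = {}
    for account, reqs in per_account.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            # Slide the window start forward until it spans <= window.
            while reqs[end][0] - reqs[start][0] > window:
                start += 1
            services = {s for _, s in reqs[start:end + 1]}
            if len(services) >= threshold:
                flagged[account] = sorted(services)
                break
    return flagged

if __name__ == "__main__":
    print(flag_kerberoast_candidates(EVENTS))
```

The threshold and window need tuning against a baseline of normal ticket traffic, since some legacy applications legitimately request RC4 tickets.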

The retail giant has made no further comments about the incident. Hence, it remains unverified whether the data leaked by Yanluowang is legitimate or a mere empty threat.