One of Europe’s largest electronic retail companies called MediaMarkt has suffered an attack courtesy of the threat group known as Hive ransomware. They are now facing a ransom demand of $240 million.
The attack caused a major IT systems shutdown and store operations disrupted across Germany and the Dutch country. MediaMarkt is one of Europe’s biggest electronics retailers that comprises about 50,000 employees, a thousand stores across the European continent and a total of over 20 billion euros in sales.
MediaMarkt is another Hive ransomware victim.
MediaMarkt operations were crippled after suffering a ransomware attack last Sunday evening, which resulted in encrypted servers and workstations. The company forced the IT systems to shut down to stop the spread of the said ransomware. It is believed that the attack impacted a massive number of retail stores across Europe, especially the stores located in the Netherlands.
Although online sales are not affected and continue their transactions, physical cash registers cannot accept credit cards or provide receipts at compromised stores. The system outage also caused the prevention of accessing the previous purchases. Furthermore, MediaMarkt communication advised all employees to avoid encrypted systems and cut all cash registers from the networks to prevent infections.
According to a Twitter post, internal communication says that the recent attack impacted over 3,000 servers.
Hive Ransomware is asking for what seems to be an impossible amount. Some security firms confirmed that the Hive ransomware operators were the culprits of the attack and demanded an absurd amount of $240 million ransom in exchange for a decryptor for encrypted stolen files.
However, this ridiculous asking price is just a typical negotiation technique used by malicious threat actors to save room for negotiations. Researchers received a tip that the 240 million asking prices are now considerably lower after a few talks. As of now, it is not sure if the unencrypted files have been stolen or not, but Hive ransomware tends to publish stolen files on HiveLeaks if the ransom they are demanding is not paid.
According to MediaMarktSaturn Retail Group’s reply to one of the researcher inquiries, they said that the national organization became the target of a cyberattack. Still, their company immediately reached out to responsible authorities. They added that every concerned affiliate is working diligently to identify the impacted system and promptly repair any damages.
Finally, they also stated that they are doing their best to repair all necessary systems to get back to their regular operations as soon as possible.