Hive Ransomware Gang Impacts MediaMarkt
The Threat Actors Initially Asked for a $240 Million Ransom.
A Hive ransomware operation hit MediaMarkt, a German multinational chain of consumer electronics stores, with the threat actors initially demanding a ransom of $240 million.
As a result of the incident, IT systems in the Netherlands and Germany were shut down, and store operations were disrupted.
What Is MediaMarkt?
According to Wikipedia, MediaMarkt is a German multinational chain of stores selling consumer electronics with 1042 locations in 14 European countries. The electronics retail giant has roughly 53,000 employees and a revenue of €20.8 billion.
Who Is Hive ransomware?
First noticed in June 2021, Hive ransomware has already impacted over 30 companies, counting only those that failed to pay the requested ransom. According to the FBI, the Hive group employs a variety of tactics, methods, and procedures to compromise targeted systems.
Hive ransomware is data encryption malware that came to the public’s attention through its attack on the Memorial Health System, where employees had to use paper charts to keep working after their computers were encrypted. Another victim was Altus Group, a software provider from which hackers stole business information and files that were later made public on HiveLeaks.
The attack on Memorial Health System shows that, unlike some ransomware campaigns that avoid encrypting medical facilities, care homes, governmental organizations, and other critical services, Hive ransomware attackers appear to have no regard for who they target.
Hive also started to encrypt Linux and FreeBSD systems with new malware versions designed specifically for these operating systems. According to researchers, the gang’s new encryptors are currently in development.
The Attack on MediaMarkt
A ransomware attack targeted MediaMarkt at the beginning of this week, encrypting servers and workstations and leading to the shutdown of IT systems to prevent the attack from spreading.
According to BleepingComputer, the ransomware incident hit many retail outlets across Europe, especially in the Netherlands.
While online sales continue to operate normally, cash registers at impacted stores are unable to take credit cards or print receipts. Because of the inability to search for past purchases, the system shutdown is also preventing returns.
Employees are told to stay away from encrypted systems and to turn off cash registers on the network.
According to BleepingComputer, the Hive Ransomware group is responsible for the attack, and at first, the threat actor requested an unreasonable $240 million ransom to provide a decryptor for encrypted files.
Ransomware organizations frequently ask for huge ransoms at first in order to negotiate later, and they usually only get a small percentage of the initial ransom demand.
Below you can see a Hive ransom note:
While it is unknown whether unencrypted information was stolen in the cyberattack, the Hive ransomware gang is known for stealing files and publishing them on its ‘HiveLeaks’ data leak site if victims fail to pay.
The MediaMarktSaturn Retail Group and its national organizations became the target of a cyberattack. The company immediately informed the relevant authorities and is working at full speed to identify the affected systems and repair any damage caused as quickly as possible. In the stationary stores, there may currently be limited access to some services.
MediaMarktSaturn continues to be available to its customers via all sales channels and is working intensively to ensure that all services will be available again without restriction as soon as possible.
The company will provide information on further developments on the topic.
How Can Heimdal™ Help?
In the fight against ransomware, Heimdal™ Security is offering its customers an outstanding integrated cybersecurity suite including the Ransomware Encryption Protection module, that is universally compatible with any antivirus solution, and is 100% signature-free, ensuring superior detection and remediation of any type of ransomware, whether fileless or file-based (including the most recent ones like LockFile).
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;