Chilean-based retail giant Cencosud hit by Egregor Ransomware

Pierluigi Paganini November 15, 2020

Chilean-based retail giant Cencosud has suffered a ransomware attack that impacted operations at its stores; Egregor ransomware appears to be involved.

A ransomware attack, allegedly launched by the Egregor ransomware gang, hit the Chilean-based retail giant Cencosud; the incident impacted operations at its stores.

Cencosud is the largest retail company in Chile and the third largest listed retail company in Latin America, competing with the Brazilian Companhia Brasileira de Distribuição and the Mexican Walmart de México y Centroamérica as one of the largest retail companies in the region. The company has more than 1045 stores in Latin America (Argentina, Brazil, Chile, Colombia, and Peru) with over 140,000 employees and $15 billion in revenue for 2019. The company’s stores include Easy home goods, Jumbo, Paris, Costanera Center, Santa Isabel, Vea, Disco, Metro, Johnson and Shopping Center.

“The Chilean multinational Cencosud (Centros Comerciales Sudamericanos SA) was hacked by cybercriminals who would have in their possession information from customers of supermarkets such as Disco, Jumbo and Vea and would ask for millions of dollars to return it.” reads the post published by the Argentinian media outlet Clarín.

The incident took place this week; according to local media and Bleeping Computer, customers could not use the ‘Cencosud Card’ credit card or pick up their web purchases at the impacted stores due to the ransomware attack.

Clarín’s website pointed out that Cencosud has its own credit card, which means that threat actors could use the stolen information to make purchases and thus steal money from customers.

BleepingComputer was the first to confirm that the retail giant was hit by Egregor ransomware after it obtained the ransom note.

“After learning of the attack, BleepingComputer obtained the ransom note and can confirm it was conducted by Egregor and targeted the ‘Cencosud’ Windows domain.” reported Bleeping Computer.

Egregor ransomware has been active since September as a ransomware-as-a-service operation; many affiliates of the Maze ransomware operations have chosen it after Maze shut down its activities. Some of the victims of the group are Crytek, Barnes and Noble, and Ubisoft.

Malware researchers who collaborate with Bleeping Computer first speculated that other malware, such as the Egregor and Sekhmet ransomware, borrows code from Maze ransomware.

Local media also reported that printers in multiple retail outlets in Chile and Argentina began printing out ransom notes while the ransomware was encrypting the systems.

“The ransom note does not provide links to proof of stolen data, but Egregor has a history of stealing unencrypted files before deploying their ransomware.” continues Bleeping Computer.

Pierluigi Paganini

(SecurityAffairs – hacking, Cencosud)
