MediaMarkt under ransomware attack, required over $ 200 million
MediaMarkt under ransomware attack
MediaMarkt, one of the largest European distributors of consumer electronics, with over 1,000 stores located in 13 countries for a total of approximately 53,000 employees and total sales of 20.8 billion euros, was recently the victim, from Saturday evening to Monday morning. , of a ransomare attack by Hive that caused problems and the need to shut down computer systems in the Netherlands and Germany.#MediaMarkt / #Saturn gerade scheinbar in ganz DE und NL von #Ransomware betroffen.
Alle Kassen still, nichts läuft, sieht nicht gut aus pic.twitter.com/OR4stCaTT6
- Hozan Murad ☀️ (@HozanMurad) November 8, 2021
According to colleagues at BleepingComputer, the attack involved several of the group's stores in Europe, especially in the Netherlands. Although online sales continued quietly, cash registers in stores could not accept credit cards or print receipts. Furthermore, it was not possible to make returns due to the inability to consult previous purchases made by customers.
According to a message posted on Twitter concerning an alleged internal communication, it seems that 3,100 servers were involved in this attack , for which the authors demanded $ 240 million in ransom money for sending a program capable of decrypting files. The figure seems rather disproportionate, but the bad guys often propose a very high amount initially and then proceed to bargaining and subsequently accept a lower ransom.
We do not know if the data, before being encrypted, is been stolen, but usually this ransomware is known to steal the files and post them on the “HiveLeaks” site in case the ransom is not paid. This was MediaMarkt's comment on what happened:
The MediaMarktSaturn Retail Group and its national organizations have become the target of a cyber attack. The company has immediately informed the competent authorities and is working at full speed to identify the affected systems and repair any damage caused as quickly as possible. In physical stores, there may be limited access to some services at the moment.
MediaMarktSaturn continues to be available to its customers across all sales channels and is working intensively to ensure that all services are available again without restrictions as soon as possible.
The company will provide information on further developments on the subject.
US targets DarkSide ransomware, rebrands with $10 million reward
The US government is targeting the DarkSide ransomware and its rebrands with up to a $10,000,000 reward for information leading to the identification or arrest of members of the operation.
The US Department of State announced today that they are now offering a $10,000,000 reward for the identification or location of DarkSide ransomware members operating in key leadership positions.
A reward of $5,000,000 is also being offered for information leading to the arrest of any individual who attempts to participate in a Darkside attack.
'In addition, the Department is also offering a reward offer of up to $5,000,000 for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident,' announced the Department of State.
Tips can be submitted to the FBI at https://tips.fbi.gov or via WhatsApps, Telegram, and Signal.
As the announcement states 'DarkSide variant ransomware,' this reward will also apply to DarkSide rebrands, including the ransomware gang's most recent BlackMatter operation.
When ransomware operations begin to feel the heat of law enforcement after attacking a highly sensitive organization, it is common for them to rebrand under a different name.
DarkSide rebranded as BlackMatter after attacking the Colonial Pipeline and feeling the full scrutiny of international law enforcement.
Similarly, other ransomware operations have also rebranded in the past, including:
Yesterday, BleepingComputer reported that BlackMatter also shut down their operation after feeling 'pressure from the authorities' and gang members going missing.
Today's Department of State bounty on DarkSide clearly shows that switching to a different ransomware name will not stop law enforcement from pursuing them.
This reward is offered as part of the Department of State’s Transnational Organized Crime Rewards Program (TOCRP).
'The program gives the Secretary of State statutory authority to offer rewards of up to $25 million for information leading to several desired law enforcement objectives, including the arrest and/or conviction in any country of any individuals participating in, or conspiring to participate in transnational organized crime; the disruption of financial mechanisms of a transnational organized crime group; and the identification or location of an individual who holds a key leadership position in a transnational organized crime group,' reads the program's description.
The US government is also offering a $10 million reward for information on state-sponsored hackers targeting US critical infrastructure.
With these large rewards, the US government hopes hackers will turn on each other and get a legal, stress-free payout.