MediaMarkt suffers a ransomware attack on the eve of Black Friday

mediamarkt ataque ransomware 1000x600.jpg
mediamarkt ataque ransomware 1000x600.jpg

MediaMarkt, the German multinational consumer electronics company, has suffered a ransomware attack that has affected the operation of its stores in Holland, Belgium, Germany, and also the Spanish ones. Bad news considering that we are at the gates of Black Friday, the biggest sales campaign of the whole year.

Ransomware continues to wreak havoc, with MediaMarkt being the penultimate company to hit. If a decade ago the majority of Ransomware attacks were aimed at client personal computers with the aim of obtaining a few tens of dollars, in recent years the main objective is companies and administrations. And the bigger the better. Here the extortionists demand a ‘ransom’ of 240 million dollars.

According to a leaked internal email, cybercriminals would have hijacked more than 3,000 Windows servers who are in charge of the company’s services. As a security measure, the return, collection and any other online management services have been paralyzed, although in a statement to The vanguard the company claims to have «updated protocols to not stop providing any service” to his clients.

#MediaMarkt / #Saturn gerade scheinbar in ganz DE und NL von #Ransomware betroffen.
Alle Kassen still, nichts läuft, sieht nicht gut aus pic.twitter.com/OR4stCaTT6

– Hozan Murad ☀️ (@HozanMurad) November 8, 2021

The internal mail asks employees not to «do not reinstall the cash registers»Until the problem was solved, which would indicate that the collection systems would also have been out of service, in addition to the collection and return services and the stores’ client computers. MediaMarkt has more than 1,000 physical stores in Europe.

Although the company has not reported the specific type of attack, several reports point to HIVE, a typical ransomware, generally used to infect health systems, which once installed hijacks servers with strong file encryption and forces services to be paralyzed. It is speculated that cybercriminals They have asked for a ‘ransom’ of 240 million dollars for the multinational to recover services.

Mediamarkt is getroffen door from ransomware #HIVE. Opvallend, want HIVE is met name actief in de zorgsector. De groep achter HIVE vraagt ​​240 miljoen dollar! #MediamarktSaturn

💰 -240 Million Dollar
❌🖥️ – HIVE #Ransomware

📁Decrypted (.key.cggbt files)#Mediamarkt #Saturn #Cyber pic.twitter.com/NrBe7hxlh7

– CyberDonky (@ CyberDonkyx0) November 8, 2021

It is never a good time for a cyberattack, but the one that concerns us arrives at the gates of Black Friday and Christmas, the most relevant periods in sales of the whole year. The extent of the attack is unknown, but MediaMarkt’s website is active and the company claims to have recovered in-store services. In any case, we confirm that ransomware has become the main cyber threat of the technology industry, with agencies, critical infrastructure and companies (which unfortunately often pay extortionists by increasing the snowball) in the spotlight.