Cencosud, the largest retail company in Chile and the third-largest listed retailer in Latin America, was hit by Egregor ransomware operators over the weekend.
The attack encrypted devices in retail locations in several countries, including Argentina (as originally reported by local news site Clarín), and impacted the company’s operations. A store in Buenos Aires has put a sign outside the entrance warning customers that it is not accepting the Cencosud Card credit card, returns or in-store pickup of web purchases due to “technical problems.”
At some retail locations in Argentina and Chile, printers began spitting out ransom notes, with the Egregor team claiming responsibility for the hack.
After obtaining a copy of the digital ransom note, Bleeping Computer confirmed that the attack was conducted by Egregor and that it targeted the ‘Cencosud’ Windows domain. Egregor operates on the ransomware-as-a-service model and is believed to include members of the infamous Maze team. The physical printing of ransom notes is said to be a ‘known feature’ of Egregor ransomware.
Earlier this month, the Indian Computer Emergency Response Team (CERT-In) issued an advisory warning about recent activity by the Egregor ransomware team.
“Individuals or organizations are not encouraged to pay the ransom as this does not guarantee files will be released,” it said.
The modus operandi is to break into the IT infrastructure, steal data, run malware to encrypt the data, then threaten to publish the data online if the ransom is not paid, CERT-In said.
“Maintain updated anti-virus software on all systems and don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign,” the agency advised.
Of course, the best mitigation technique is to keep regular, offline backups of sensitive data. History has shown that prevention is the best cure against ransomware.