The Chilean business group Cencosud suffered a ransomware attack on Friday afternoon, in which the attackers demanded a ransom in the millions, apparently in bitcoin, in exchange for not making public data from its media, partners and clients. The group owns, among other companies, Jumbo, Easy and Disco, in addition to providing financial services.
The message, written in English by an unidentified group, came out simultaneously from the printers of different stores in both Chile and Argentina. “Your network was attacked, your computers and servers were blocked, your private data was downloaded,” it said by way of introduction.
It then announced that various confidential data would be disclosed unless the victim contacted the group within the next 3 days. For this it gave several options, one of which involves accessing the Egregor virus website.
The Egregor virus restricts access to files and criminals demand a ransom in exchange for unlocking them. Source: egregor-support.com
According to specialists, Egregor blocks access to some files within a computer system. Afterwards, “cybercriminals demand the payment of a ransom, generally in bitcoins, to unlock them.”
“What will I get in case of an agreement?”, said the attackers' note, immediately giving the answer: “You will obtain the complete decryption of your computers in the network, the confirmation of the complete list of the data elimination stack (sic) downloaded from our servers and the recommendation and complete confidentiality about the incident”.
Information about the attack was released by users of Cencosud cards, who reported the system down, and by store cashiers, who released the message that their printers issued. So far the company has not issued information on the matter through its official channels, so the outcome of this event is unknown.
Printers in stores in Chile and Argentina issued the attackers’ message. Source: @patriciomolina / Twitter
As explained by computer security specialist Patricio Molina, founder of Real Trends, a victim who gives in to extortion and pays the criminals sets a precedent and becomes a potential target for further attacks.
Molina also noted that “it was very clever to carry out this attack on a Friday afternoon.” He explained that weekends are the busiest days; that on Saturdays and Sundays there are only emergency guards; and that the desperation and fatigue of the management are taken advantage of.
Finally, the specialist mentioned that “it is very difficult to avoid ransomware attacks and it is much more difficult to recover from one.”
“You have to be understanding with the situation. It does not only have to do with backups, firewalls and antivirus. The ‘human’ vector in large organizations is difficult to control”.
Patricio Molina, founder of Real Trends.
As reported by CriptoNoticias, this type of attack increased considerably during 2020, compared to previous years.