Bleeping Computer reports that the Egregor ransomware attacked the Chilean company Cencosud, one of the largest retailers in South America.
Let me remind you that Egregor began its activity quite recently – in early September, shortly after the operators of the Maze ransomware announced cessation of their operations.According to experts, the Maze, Egregor and Sekhmet ransomware are essentially one and the same thing, and the same people are behind all these malwares.
In just two months of activity, Egregor has already managed to attack the largest game developers (Ubisoft and Crytek), as well as the largest bookstore chain in the United States (Barnes & Noble).
The Cencosud incident took place over the weekend and had a significant impact on the company’s operations: malware encrypted devices in almost all Cencosud stores.
Clarín also writes that many printers in stores in Chile and Argentina began to print ransom notes. This feature is a well-known feature of Egregor: after finishing encryption, the malware automatically prints the ransomware messages on any available printers. If a large company’s network was attacked, it could result in thousands of such flyers being printed.
Bleeping Computer got the same ransom note, and the publication confirms that Egregor attacked the Windows domain of Cencosud.
The extortionists write that they stole these companies and threaten to disclose them if they do not receive a ransom. Although the hackers do not provide any references to the stolen information and proof of their words, journalists note that usually Egregor operators really steal company data before encryption begins.
Cencosud is one of the largest retailers in South America with over $15 million profit last year. The company employs more than 140,000 employees. Cencosud owns large chain stores in Argentina, Brazil, Chile, Colombia and Peru.
