Nationwide Retailer Kmart hit by Ransomware Attack

Earlier this month, U.S retailer Kmart was hit by a ransomware attack that targeted its back-end services. Kmart, originally owned by the Sears Holding Corp, was purchased by Transform Holdco LLC (Transformco) in 2019 after it had filed for bankruptcy in 2018. Now the retailer has only 45 operating stores nationwide. 

The ransomware attack on Kmart is believed to be that of the Egregor ransomware operation which is known for stealing unencrypted files first then deploying ransomware. According to multiple reports, the attack left the ‘Transformco Human Resources Site,’ 88sears.com offline as well as encrypting the ‘KMART’ Windows domain. Other Kmart online stores however continue to operate normally. The Egregor ransomware operators threatened to release the data on popular ransomware data leak sites if the demands of their ransom are not met. It is however unknown how many devices were encrypted, if the attackers stole data, or just how much ransom was demanded. 

The Egregor ransomware attack is relatively new, only beginning operations and gaining better traction in September 2020 after the Maze Ransomware operation was shut down. 

The shutdown of the Maze ransomware data leak site led to a mass migration of operators to the Egregor ransomware operators which in turn allowed it to amass many victims within a short time; some of which are attacks on Barnes and Noble, Ubisoft, Crytek, and Cencosud. 

Kmart is yet to officially publicly comment on the attack but would have to do so soon due to fears of leaks of stolen information. 

Ransomware attacks have been on the rise in the past year with about 65% of global organizations reporting suffering a ransomware attack in the past 12 months.  

References

• https://www.bleepingcomputer.com/news/security/kmart-nationwide-retailer-suffers-a-ransomware-attack/?&web_view=true
• https://www.techradar.com/news/kmart-is-the-latest-retailer-to-suffer-a-ransomware-attack