Chilean-based retail giant Cencosud was affected by a ransomware attack launched by Egregor ransomware gang impacting operations at its stores.
Cencosud, the largest retail company in Chile and the third largest in Latin America. The company has over 1045 stores in Latin America (Argentina, Brazil, Chile, Colombia, and Peru) with more than 140,000 employees and $15 billion in revenue for 2019. The company’s stores include Easy home goods, Jumbo, Paris, Costanera Center, Santa Isabel, Vea, Disco, Metro, Johnson and Shopping Center.
Accorsing to a post published by the Argentinian media outlet Clarin, Cencosud (Centros Comerciales Sudamericanos SA) was hacked by cybercriminals who had information from customers of supermarkets such as Disco, Jumbo and Vea and would demand millions of dollars to return it.
The incident took place this week and the customers must not use their ‘Cencosud Card’ credit card or pickup their web purchases at the affected stores due to the ransomware attack.
Cencosud has its own credit card which suggests that the attackers might use the stolen information to make purchases and steal money from customers.
From the ransom note it was confirmed that it was performed by Egregor and that it targeted the ‘Cencosud’ Windows domain.
Egregor ransomware which has been active since September as a ransomware-as-a-service operation have earlier victims like Egregor Crytek, Barnes and Noble, and Ubisoft.
According to local media, the printers in multiple retail outlets in Chile and Argentina were printing out ransom notes while the ransomware was encrypting the systems.
The ransom note does not provide links to proof of stolen data, but Egregor has a history of stealing unencrypted files before deploying their ransomware.