[TheRecord] Ransomware hits Lojas Renner, Brazil’s largest clothing store chain

Lojas Renner, Brazil’s largest clothing department store chain, said it suffered a ransomware attack that impacted its IT infrastructure and resulted in the unavailability of some of its systems, including its official web store.

The company first disclosed the incident in a filing with the Brazilian stock market on Thursday.

Several Brazilian bloggers and news outlets blew the incident out of proportion by claiming that the attack had forced the company to shut down all its physical stores across the country.

Earlier today, Renner officials filed a second document in order to dispel these rumors and assure shareholders that all stores remained open and that the attack only impacted its e-commerce division.

The Record also confirmed this today in interviews with several Brazilians, who said that Renner stores were still open and processing transactions.

Suspected RansomExx attack

Details about the ransomware incident remain to be confirmed, but one Brazilian blog claimed that the attack on Renner’s infrastructure was carried out by the RansomExx gang, which gained access to Renner servers via Tivit, a major Brazilian IT and digital services provider.

Attack ransomware ? @Lojas_Renner @felipepayao @LabDefCon1 pic.twitter.com/4LtiYxFUR6

— Clandestine (@akaclandestine) August 19, 2021

However, in an interview with CNN Brazil Business, Tivit denied the report and went on the record to state that none of its corporate networks or servers had been breached.

Despite admitting that they’ve been hacked, Renner officials downplayed the severity of the intrusion and claimed that their main database has remained intact and was not encrypted in the attack.

However, it is unclear if the intruders managed to steal data from the hacked servers, which would most likely store information related to the company’s e-commerce stores.

If the RansomExx gang is confirmed to be behind this intrusion, then it’s very likely that they also stole Renner data before encrypting it, which is part of their normal modus operandi. Today, the RansomExx gang is one of the many ransomware operations known for running a “leak site” on the dark web, where they publish data stolen from companies that refuse to pay their ransom demands.

Unconfirmed report claims Renner paid

But just as The Record was preparing to publish this article, an unconfirmed report, citing “unofficial sources,” claimed that Renner paid the hackers $20 million. At the time of writing, this remains to be confirmed, as a Renner spokesperson did not return a request for comment.

Either way, Lojas Renner would be in a position to pay such a huge ransom demand without breaking a sweat. Today, Lojas Renner is one of the largest South American businesses, operating more than 600 stores across three countries under brands such as Renner, Camicado, Youcom, and Ashua.

The post Ransomware hits Lojas Renner, Brazil’s largest clothing store chain appeared first on The Record by Recorded Future.
