The Chilean multinational Cencosud (Centros Comerciales Sudamericanos SA) was hacked by cybercriminals who reportedly hold information on customers of supermarkets such as Disco, Jumbo and Vea and are reportedly demanding millions of dollars to return it.
Cencosud brings together Jumbo, Paris, Easy, Costanera Center, Santa Isabel, Vea, Disco, Metro, Johnson and Shopping Center. As a result, many customers are affected, with a very high potential for damage: Cencosud has its own credit card. For that reason, the attackers could also use the information to make purchases and thus steal money from customers.
As Clarín learned, the company is preparing a statement. The attack already affects several businesses that have suspended certain operations.
According to Segu.info, a site specializing in computer security, the tool used to extort money from Cencosud is ransomware called Egregor, a replacement for another widely used strain called Maze. The attackers reportedly gave Cencosud three days to act.
In fact, it is considered the ransomware of the moment: it is the same one that attacked other companies, such as the video game developer Ubisoft (which just this Friday went through a hostage-taking).
“On November 1, the Maze group announced its ‘retirement’, noting that there was no ‘official successor’ and that support for the malware would end after a month. Malwarebytes noticed a drop in infections since August, and that is why it says the exit from the scene is ‘not really’ an unexpected move. However, that does not mean that Maze’s previous clients would also leave the market, and the researchers suspect that ‘many of its affiliates have moved into a new family’ known as Egregor, a spin-off of the Sekhmet ransomware,” they explain on the specialized site.
The “ransom note” printed by itself in Easy branches
As published by the site El Editor Platense, this is the image of the ransom note, that is, the notification of the hack along with the instructions to follow to recover the information. The curious thing is that the note began printing in several Easy branches without anyone sending a print job. It happened in Argentina and Chile.
The ransom note that appeared on Cencosud’s printers
Below is a translation of what the page sent to print at various Cencosud branches in Chile and Argentina says.
What happened? Your network was attacked, your computers and servers were blocked, your private data was downloaded.
What does that mean? It means that soon the media, your partners and customers will find out.
How can it be avoided? To avoid this problem you must contact us WITHIN THREE DAYS.
And if I do not contact you within three days? We will start publishing data.
I can handle this on my own. It is your right, but in this case all data will be published.
Do not fear this threat! This is not the threat, but the algorithm of our actions.
If you have hundreds of millions of unwanted dollars, there is nothing to worry about; that is the exact amount of money that you will spend for recovery and payments.
You have convinced me. Then you need to contact us, there are some ways to do it …
Recommended (the safest method):
a) Download a special browser
b) Install the browser
c) Open our live chat website in the Tor browser and follow the instructions on this page.
If the first method is not suitable for you:
Open our website with our live chat on the Tor … “
The second page of the ransom note adds information: “What will I get in case of an agreement? You will get the complete decryption of your machines on the network, the confirmation of the complete list of the data elimination stack (SIC) downloaded from our servers, the recommendation and the confidentiality complete information on the incident …”.