11/14/2020 5:39 PM
Clarín.com
Technology
Updated 11/14/2020 5:39 PM
The Chilean multinational Cencosud (Centros Comerciales Sudamericanos SA) was hacked by cybercriminals who reportedly have in their possession information from customers of supermarkets such as Disco, Jumbo and Vea and are reportedly asking for millions of dollars to return it.
In Argentina, Cencosud brings together Jumbo, Paris, Easy, Costanera Center, Santa Isabel, Vea, Disco, Metro, Johnson and Shopping Center.
As a result, many customers are potentially affected, with a very high potential for damage: Cencosud has its own credit card, so the attackers could also use the information to make purchases and thus steal money from customers.
As published by the site Segu.info, which specializes in computer security, the system used to extort Cencosud is a ransomware called Egregor, a substitute for another widely used one called Maze. The attackers reportedly gave Cencosud three days to act.
In fact, it is believed to be the ransomware of the moment: it was the same one that attacked other companies such as video game developer Ubisoft.
“On November 1, the Maze group announced its 'retirement', noting that there was no 'official successor' and that support for the malware would end after a month.
Malwarebytes has noticed a drop in infections since August and so says the removal from the scene is "not really" an unexpected move.
However, that does not mean that Maze's previous clients would also leave the market, and the researchers suspect that 'many of its affiliates have moved to a new family' known as Egregor, a spin-off of the Ransom Sekhmet,” they explain on the specialized site.
The "ransom note": dialogue with criminals
As published by the site El Editor Platense, this is the image of the "ransom note", that is, the notification of the hack along with the instructions to follow to recover the information. It reportedly came out of printers at different company locations in both Argentina and Chile.
The ransom note that appeared on Cencosud's printers
Below is a translation of the page that was sent to print at different Cencosud branches in Chile and Argentina.
What happened?
Your network was attacked, your computers and servers were blocked, your private data was downloaded.
What does that mean?
It means that soon the media, its partners and customers will meet.
How can it be avoided?
To avoid this problem you must contact us WITHIN THREE DAYS.
And if we do not contact you in three days?
We will start publishing data.
I can handle that alone.
It is your right but in this case all the data will be published.
Do not fear this threat!
This is not the threat, but the algorithm of our actions.
If you have hundreds of millions of unwanted dollars there is nothing to worry about, that is the exact amount of money you will spend for recovery and payments.
You convince me.
Then you need to contact us, there are some ways to do it ...
Recommended the safest method:
a) Download a special browser
b) Install the browser
c) Open our live chat website in tor browser and follow the instructions on this page.
If the first method is not suitable for you
Open our website with our live chat on the tor ... "
The second sheet of the ransomware adds information: "What will I get in case of a deal? You will get complete decryption of your machines on the network, confirmation of the complete list of the data deletion stack (SIC) downloaded from our servers, recommendation and complete confidentiality about the incident ... ".
PJB