Report: Kmart hit by ransomware attack
Struggling department store retailer Kmart has reportedly had its human resources site shut down by hackers seeking payment to end the outage.
According to online information security publication BleepingComputer, an organized cybercrime group known as “Egregor” illegally encrypted some devices and servers running as part of the Kmart technology enterprise. A purported ransom note shared with BleepingComputer indicated that the Kmart Windows domain was affected.
The attack did not shut down Kmart’s ecommerce site, but reportedly has blocked off access to the “88.sears.com” human resource site operated by Kmart parent company Transformco. When Chain Store Age visited the 88.sears.com site on Thursday, Dec. 3, it displayed a runtime error page with a warning that it was not secure.
BleepingComputer reports that although Egregor has only been in existence since September 2020, it has already attacked a number of other well-known companies, including book retailer Barnes & Noble. Egregor is known to operate by stealing data from a company, partially or fully shutting down its network, and then extorting a ransom payment in exchange for not releasing sensitive data and removing the encryption.
Ruston Miles, an encryption security expert who is founder and advisor of cybersecurity solutions provider Bluefin, told Chain Store Age there are several prevention techniques for ransomware attacks, but the attacks are constantly evolving.
“Depending on the size and sophistication of a company, prevention can become very difficult,” said Miles. “The issue with Kmart and similar retailer breaches is that they may not be adequately securing their data – whether in the cloud, in their network or at the point of intake – which could leave private information in ‘clear-text,’ just waiting to be stolen by malicious actors. Companies need to devalue this data with security technologies like encryption and tokenization, so that if a breach does occur – whether ransomware or malware or a combination – the malicious actors get no data of value.”
It is unknown whether Egregor stole any Kmart data, how much ransom the group is demanding, or how much of the Kmart network it has been able to shut down. Kmart and Transformco declined a BleepingComputer request for comment.