The chain of ransomware attacks hitting numerous Italian and international companies seems to have no end. The victim this time is MediaWorld, a retail chain linked to the German Media Markt and specialized in the sale of household appliances. The attackers seem to be working at full speed to hit any target: from public health, through the recent attacks on San Carlo, to large-scale distribution (GDO). 2021 now seems destined to be a record year for attacks of this type (even the methods used to reach victims change from time to time).

The ransomware that hit MediaWorld

According to details reported by the RTLnieuws newspaper, the ransomware has been holding the company's servers hostage for a few days now. The requested ransom is approximately 50 million dollars, to be paid in Bitcoin, in exchange for the recovery of data and the resumption of normal system operations. The stores, however, are not closed and continue to serve their customers, even if collections and returns are temporarily not possible.

The group of cybercriminals behind the attack is Hive, the same one that a few months ago carried out another attack on three US hospitals and that the FBI had already reported. Among its most used methods are phishing, as a vehicle for malicious infections, and intrusion via Remote Desktop Protocol (RDP), which is used to remotely control Windows computers.

The requested ransom and the method

Probably the most curious aspect of the story (which, however, speaks volumes about how attack scenarios are changing) is the portal made available by the attackers. The MediaWorld system engineers are given access to a chat with Hive where they can negotiate the price of the ransom. If the victim then decides to pay the agreed price in Bitcoin, an additional area for decrypting the files taken hostage becomes available on the same helpdesk page.

Infected computers display a message like this: "Your network has been breached and all data has been encrypted. To get access to all data again, you need to purchase our software". Hive has also set up a site where data extracted from other companies is made public, as if to demonstrate its superiority.

In any case, the picture outlined above clearly conveys how the business linked to cyber attacks is increasingly flourishing, taking advantage of general insecurity and a lack of attention to risk. Such a widespread series of attacks should instead prompt business administrators to reflect and try to run for cover as soon as possible. Once again, employee training on cyber risks, good architecture design and the presence of a well-trained team of experts can prevent such scenarios.

