Egregor Ransomware targets retail giant Cencosud, prints ransomware notes

Egregor Ransomware targets retail giant Cencosud, prints ransomware notes

Latin American retail giant Cencosud has suffered a ransomware attack by Egregor ransomware operators earlier this month that has impacted services in stores in multiple countries.

Cencosud is based in Chile and has retail stores in Argentina, Brazil, Chile, Colombia and Peru. The international retail giant boasts over $15 billion in revenue for 2019 and nearly 140,000 employees. Store brands include Easy home goods, Jumbo supermarkets and the Paris department stores.

According to the BleepingComputer report, Cencosud was hit with a ransomware attack earlier this month. As a result, attacker encrypted devices throughout their retail outlets and impacted the company’s operations.

In one case, an Easy store in Buenos Aires displayed a sign “warning customers that they are not accepting the ‘Cencosud Card’ credit card, accepting returns, or allowing the pickup of web purchases due to technical problems.”

BleepingComputer also obtained the Egregor ransom note and confirmed it was operated by Egregor actors and targeted the ‘Cencosud’ Windows domain.

In addition, the Egregor operators may have some of its origins from Maze cybercriminal group, also behind recent Canon ransomware attack.

“Threat actors that many hackers who partnered with Maze are now working with Egregor,” BleepingComputer wrote.

What is also interesting is Egregor has a “feature” that allows the malware to print ransomware notes to printers as devices get compromised and encrypted.

This incident also comes after a flurry of other high profile ransomware attacks, such as those at Carnival, Canon and Garmin, to name just a few.

This past August, the Federal Bureau of Investigation (FBI) also issued a Flash Alert warning for Netwalker Ransomware attacks against U.S. and foreign organizations.

Related Articles