This weekend, Egregor attacked one of the largest retailers in South America, Cencosud.
Cencosud, an international retailer headquartered in Chile, has been hit by an Egregor ransomware cyber attack that affected its stores.
Cencosud is one of the largest retail companies in South America. The retailer has 1,400 employees and revenues of $ 15 billion in 2019. Cencosud operates multiple stores in Argentina, Brazil, Chile, Colombia and Peru, including Easy home goods stores, Jumbo supermarkets and Paris department stores.
This weekend the company's computer networks were attacked by ransomware that encrypted devices in stores and affected its operations. According to Argentine media reports, the shops are open, but some services are down. For example, Easy Stores in Buenos Aires do not accept Cencosud Card Credit Cards, do not accept returned merchandise, and do not provide pickup for online merchandise ordered.
According to the ransom note received by BleepingComputer, the company was the victim of the ransomware Egregor, which attacked its Windows systems. After the attack, printers in some stores in Chile and Argentina began to print a note on their own - a feature characteristic of Egregor. Although there are no links to screenshots of the stolen data in the note, the malware usually steals the data before encrypting the files.
Egregor is offered on a ransomware-as-a-service business model. The malware has started its activity in September this year, when operators extortionist Maze began to curtail their operations, and their partners have begun to cooperate with Egregor.