Threat Watch

Cencosud Infected by Egregor Ransomware

Chilean retail giant Cencosud is currently dealing with an Egregor ransomware infection affecting multiple stores. Affected stores remained open, though some services were impacted due to the incident. One store in Buenos Aires is warning customers that they could not accept Cencosud cards, store returns or allow customers to pick up online orders.

Sign outside a Cencosud store in Buenos Aires
Source: Lucas Aie (@Lucasaie84)

Videos also began to surface of the ransom note being printed from point of sale (POS) systems at some store locations. According to BleepingComputer, this is a known “feature” of the ransomware. Unfortunately, Egregor seems to show no signs of slowing down after making a big debut with its first few victims. As of today, their data leak website currently lists 105 victims with the latest update being about Barnes & Noble.

ANALYST NOTES

Egregor activity has seemed to explode right from the start with victims across multiple countries and industries. Investigations so far have revealed that most Egregor infections start from Qakbot-infected devices. Binary Defense highly recommends having a traditional anti-virus installed alongside more in-depth solutions such as our Managed Detection and Response (MDR). The Binary Defense SOC also monitors for threats 24/7 to stop intrusions in the early stages before they have a chance to spread. Organizations can also find an extensive list of recommendations to prepare for a ransomware incident in the CISA Ransomware Guide.

Source: https://www.bleepingcomputer.com/news/security/retail-giant-cencosud-hit-by-egregor-ransomware-attack-stores-impacted/