Lojas Renner, Brazil’s largest chain of clothing department stores, has confirmed that it suffered a ransomware attack. The company first disclosed the incident, which affected much of its IT infrastructure, in a filing made with the Brazilian stock exchange. The incident left many of the company’s systems unavailable, including its official web store.
Several Brazilian news outlets and blogs claimed that the incident forced Lojas Renner to shut down all of its physical stores across the country. In a second document filed by company officials, the company dismissed these claims as rumours and said the situation had been blown out of proportion. Company officials also assured shareholders that all stores have remained open and that the ransomware attack only affected the e-commerce division.
The Record, through interviews with several Brazilian citizens, also confirmed that the Lojas Renner stores remained open and processed transactions normally, contrary to the earlier rumours.
Lojas Renner hit by RansomExx?
The Brazilian company has yet to confirm any details about the identity of the hackers or whether it has been in contact with them about a ransom. However, a Brazilian blog by the name of TecMundo claims that, according to “images released on social networks”, Lojas Renner is allegedly being extorted for a whopping US$1 billion.
According to the image, the hackers claim to be “interested in money” only, and they appear to have shared a link that allegedly contains all the information regarding the “accident”. Note that this image has not been verified.
More importantly, the blog also claims there are indications that the ransomware in question is TheDefray777, also known as the RansomExx ransomware gang. The RansomExx gang was recently in the news after it allegedly held the popular Taiwanese hardware giant Gigabyte to ransom. However, it is important to note that the gang has not yet published details of the attack on Lojas Renner on its own dark web page, unlike what it did during the Gigabyte ransomware attack.
The blog also adds that the attack on Lojas Renner’s IT infrastructure was carried out by RansomExx after gaining access to the company’s servers via Tivit, a major IT and digital services provider in Brazil.
“A source also stated that the virtual machines of the databases of Porto Alegre and TIVIT in SP were encrypted. In addition, more than 1,300 servers would have been encrypted.” (via the TecMundo article)
However, according to a report by CNN Brazil, Tivit has publicly stated that the company “has not suffered any attack on its data centres, nor on its corporate networks, nor on its servers.” Given this statement, suspicion falls on Lojas Renner’s own servers located in its headquarters in Porto Alegre.
There is also another unconfirmed report, which cites “unofficial sources” claiming that Lojas Renner has already paid a ransom amount of $20 million to the hackers.
The Current Situation
CNN Brazil has also reported that the Foundation for Consumer Protection and Defense – Sao Paulo (Procon-SP) has asked Lojas Renner for explanations about the cyberattack. Procon-SP believes that the company should provide information about which databases were hit, what the level of exposure was, and, most importantly, whether any personal consumer data was leaked. Procon-SP says that the company should respond by 25th August (Wednesday).
“Renner was also asked to clarify the encryption process used in the collection, processing and storage of customer data and the presence of a named Data Officer, as provided for in the General Data Protection Law (LGPD).” (via the CNN Brazil report)
It is no surprise that one of the largest South American businesses, with over 600 operational stores, was attacked using what seems to be 2021’s most popular method of cyberattack: ransomware. Lojas Renner joins Colonial Pipeline, Saudi Aramco and Liquid, to name just a few major companies across the globe that have been hit by ransomware.