data privacy News

RansomExx allegedly hits Lojas Renner, Brazil’s largest clothing chain

Lojas Renner, Brazil’s largest chain of clothing department stores,  have confirmed that they suffered from a ransomware attack. In a filing made with the Brazilian stock exchange, the company first disclosed information about the incident, which impacted a lot of its IT infrastructure. This incident resulted in the unavailability of a lot of the company’s systems, including its official web store.

It was reported that several Brazilian news outlets and blogs claimed that the incident forced Lojas Renner to shut down all of their physical stores across the country. These claims were deemed to be unnecessary rumours through a second document filed by officials of the company. Through this, the company dispelled all these rumours and mentioned that the situation was really blown out of proportion. The company officials also assured shareholders that all their stores have remained open and the ransomware attack only affected their e-commerce division.

The Record, through interviews with several Brazilian citizens, also confirmed that the Lojas Renner stores remained open and processed transactions normally, contrary to the earlier rumours.

Lojas Renner hit by RansomExx?

The Brazilian company is yet to confirm any details about the identity of the hackers or if they have been in contact with the hackers about a ransom. However, a Brazilian blog by the name of TecMundo claims that according to “images released on social networks”, Lojas Renner is allegedly being extorted for a whopping US$1 Billion.  

Source: TecMundo

According to the image, the hackers claim to only be “interested in money”, and it looks like they have shared a link that allegedly contains all the information regarding the “accident”. It is to be noted that this image is not verified.

More importantly, the blog also claims that there are indications that the ransomware in question would be TheDefray777 – also known as the RansomExx ransomware gang. The RansomExx gang were recently in the news after they allegedly held the popular Taiwanese hardware giant Gigabyte under ransom. Although, it is very important to note that the ransomware gang has not yet published details of the attack on Lojas Renner on their own dark web page, contrary to their actions during the Gigabyte ransomware attack.

The blog also adds a detail that the attack on Lojas Renner’s IT infrastructure was carried out by RansomExx after gaining access to their servers via Tivit, a major IT and digital services provider in Brazil.

“A source also stated that the virtual machines of the databases of Porto Alegre and TIVIT in SP were encrypted. In addition, more than 1,300 servers would have been encrypted.”

via the TecMundo article

But, according to a report by CNN Brazil, Tivit has made an open statement that the company “has not suffered any attack on its data centres, nor on its corporate networks, nor on its servers.” Due to this statement, the suspicion falls on Lojas Renner’s own servers located in its headquarters in Porto Alegre.

There is also another unconfirmed report, which cites “unofficial sources” claiming that Lojas Renner has already paid a ransom amount of $20 million to the hackers.

The Current Situation

CNN Brazil has also reported that the Foundation for Consumer Protection and Defense – Sao Paulo (Procon-SP) has asked Lojas Renner for explanations about the cyberattack. They believe that the company should provide information about which databases were hit, what the level of exposure was, and most importantly if any personal consumer data was leaked. Procon-SP says that the company should respond by 25th August (Wednesday).

“Renner was also asked to clarify the encryption process used in the collection, processing and storage of customer data and the presence of a named Data Officer, as provided for in the General Data Protection Law (LGPD).”

via the CNN Brazil report

It is no surprise that one of the largest South American businesses with over 600 operational stores was attacked in what seems to be 2021’s most popular method of cyberattack, ransomware. Lojas Renner is just another company joining the likes of Colonial Pipeline, Saudi Aramco, Liquid – just to name a few major companies spread across the globe, that have been hit by ransomware.

About the author

Arjun Ramprasad

Arjun Ramprasad is an undergraduate law student from Symbiosis Law School, Hyderabad with a flair for anything technology. If not here, you can find him performing on various stages as a percussionist.

Add Comment

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.