MediaMarkt hit by Hive ransomware, initial $240 million ransom
Electronics retail giant MediaMarkt has suffered a Hive ransomware attack with an initial ransom demand of $240 million, causing IT systems to shut down and store operations to be disrupted in the Netherlands and Germany.
MediaMarkt is Europe’s largest consumer electronics retailer, with over 1,000 stores in 13 countries. MediaMarkt employs approximately 53,000 employees and has total sales of €20.8 billion.
MediaMarkt suffered a ransomware attack late Sunday evening into Monday morning that encrypted servers and workstations and led to the shutdown of IT systems to prevent the attack’s spread.
BleepingComputer has learned that the attack affected numerous retail stores throughout Europe, primarily those in the Netherlands.
While online sales continue to function as expected, cash registers cannot accept credit cards or print receipts at affected stores. The systems outage is also preventing returns due to the inability to look up previous purchases.
Local media reports that internal MediaMarkt communications tell employees to avoid encrypted systems and disconnect cash registers from the network.
Screenshots posted on Twitter of alleged internal communications state that 3,100 servers were affected in this attack. However, BleepingComputer has not been able to corroborate those statements at this time.
#MediaMarkt / #Saturn apparently hit by #Ransomware across all of DE and NL right now.
All cash registers are down, nothing is working, it doesn't look good
BleepingComputer has confirmed that the Hive Ransomware operation is behind the attack and initially demanded a huge, but unrealistic, $240 million ransom for a decryptor for the encrypted files.
Ransomware gangs commonly demand large ransoms at the beginning to allow room for negotiation and usually receive a fraction of the initial demand. However, in the attack on MediaMarkt, BleepingComputer has been told the demand was almost automatically reduced to a much lower amount.
While it is not clear if unencrypted data has been stolen as part of the attack, Hive ransomware is known to steal files and publish them on their ‘HiveLeaks’ data leak site if a ransom is not paid.
When we reached out to MediaMarkt earlier today about the attack we received the following statement:
The MediaMarktSaturn Retail Group and its national organizations became the target of a cyberattack. The company immediately informed the relevant authorities and is working at full speed to identify the affected systems and repair any damage caused as quickly as possible. In the stationary stores, there may currently be limited access to some services. 
MediaMarktSaturn continues to be available to its customers via all sales channels and is working intensively to ensure that all services will be available again without restriction as soon as possible. 
The company will provide information on further developments on the topic. – MediaMarkt.
Hive ransomware is a relatively new operation launched in June 2021 that is known to breach organizations through malware-laced phishing campaigns.
Once they gain access to a network, the threat actors spread laterally through it while stealing unencrypted files to be used in extortion demands.
When they gain admin access on a Windows domain controller, they deploy their ransomware throughout the network to encrypt all devices.
The ransomware gang is known to seek out and delete any backups to prevent them from being used by the victim to recover their data.
Hive has also created variants used to encrypt Linux and FreeBSD servers, commonly used to host virtual machines.
Unlike some ransomware operations that will not encrypt healthcare institutions, nursing homes, government agencies, and other essential services, Hive ransomware does not seem to care who they target.
In August, this was shown when Hive ransomware attacked the non-profit Memorial Health System, which forced staff to work with paper charts and disrupted scheduled surgeries.
Update 11/8/21 12:01 PM EST: Added statement from MediaMarkt.
Update 11/8/21 01:53 PM EST: Added information about Hive Ransomware. 
