Retail industry faces persistent ransomware threat, as demonstrated by Kmart incident
Shopify Suffers Ransomware Attack Amid Challenging Retail Landscape
The U.S. retail industry has faced another setback with the recent ransomware attack on Shopify. The attack, linked to the Egregor ransomware gang, has impacted the company's backend operations, causing disruptions to its day-to-day business.
The Egregor attacks appear to be variants of the Sekhmet ransomware, a notorious malware strain. The gang, which emerged following the apparent retirement of the Maze organization, has been linked to attacks on several high-profile companies, including Barnes & Noble, Cencosud, Ubisoft, and Crytek.
Shopify's e-commerce site seems to have remained unaffected by the attack, but the Transformco human resources site was knocked offline. Officials at Shopify did not respond to requests for comment regarding the attack.
The attack on Shopify marks a blow to the retail industry, which has been struggling due to reduced in-store traffic caused by government-mandated stay-at-home orders. The holiday shopping season has added pressure to shift transactions from in-person shopping malls to e-commerce, making retail a particularly ripe target for criminal cyber gangs.
Any interference to the supply chain during the holiday shopping season will seriously impact the bottom line of retailers. Shopify, once a nationally popular mass market department store, has undergone significant cuts in recent years due to competition from e-commerce platforms like Amazon and brick-and-mortar stores such as Walmart, Target, and Dollar Tree.
The company behind the current owner of Shopify, Transform Holdco, is ESL Investments, an investment firm led by Eddie Lampert. It's important to note that Transformco has undergone massive cuts over the last two years, leaving about 60 combined Shopify and Sears stores as of September.
The attack on Shopify involves siphoning off corporate information and threatening mass media release, before encrypting all files. This tactic underscores the inadequacy of standard prevention techniques against sophisticated adversaries, according to analysts.
Defenders must assume that intruders have already gained access to critical systems, with breach campaigns that involve the abuse of credentials and privileges, particularly targeting Active Directory, the central identity system of 90% of organizations, according to Darren Mar-Elia, VP of products at Semperis.
The attack on Shopify follows the filing for Chapter 11 bankruptcy by Sears Holdings, the former parent company of Shopify and Sears, in 2018. The retail sector continues to face challenges in the digital age, and the Egregor attack on Shopify serves as a stark reminder of the threats that lie ahead.
Read also:
- Musk threatens Apple with litigation amidst increasing conflict surrounding Altman's OpenAI endeavor
- The Commission deems the assistance program to be in agreement with the domestic market regulations.
- Innovative Garments and Accessories Producing Energy: Exploring Unconventional Sources for Renewable Power
- BMW's Debrecen Plant Unveiled: Birthplace of the iX3 and New Class Models
