Hive group attacked Media Markt demanding $50 million

Last Sunday a German multinational chain of stores selling consumer electronics with over 1000 stores in Europe endured a cyberattack. Media Markt has over 1,000 stores in 13 countries. It employs roughly 53,000 employees and has a total revenue of €20.8 billion. Company’s branches in Germany, Belgium and Netherlands fell victims to the Hive ransomware onslaught.

Hive ransomware attacked Media Markt

Dutch news outlet first published the news based on the emails they gained access to. According to them the company asked its employees to remove the internet cables from cash registers. It also added not to restart the systems. Evidently to the internal communication of the company computers could no longer be used. The Hive cybercriminal group who conducted the attack initially asked for $240 million. But later criminals dropped the demand to 50 million USD, or €43 million, in Bitcoin. That’s as RTL reports.

The saying goes that negotiations keep going but this information the spokesperson for the company refuted. Although part of the company’s service don`t present itself unavailable, customers can still make orders online. But they cannot collect or return the products as staff don`t have the information on such orders available.

When Bleeping Computer reached out to the company’s management they received the following statement:

“The MediaMarktSaturn Retail Group and its national organizations became the target of a cyberattack. The company immediately informed the relevant authorities and is working at full speed to identify the affected systems and repair any damage caused as quickly as possible. ”

What does Hive ransomware stand for?

Cyber security specialists first detected Hive ransomware this summer in June. The ransomware made news when it attacked Marietta, Ohio-based Memorial Health System. As a result they canceled all non urgent surgeries and radio exams, diverted ambulances` calls. The attacked health system worked with paper charts while specialists put the infected systems down to minimize the damage.

The interesting thing about the Hive ransomware method of work brings in that this is actually human operated malware. Hackers designed it the way to take input from the command line and allows for tailoring of the attack to maximize the impact. Hive presents itself as another double extortion group that while encrypting the files make sure to exfiltrate the sensitive data. It allows criminals to make additional pressure threatening to publish the information.

Ransomware became over the past years a keen subject for many companies and organizations around the world. As in the example of Hive facts make this evident that hackers try to refurbish their tactics and tools. So the growing concerns lies in creating effective countermeasures. This year one of such steps that the Netherlands government took laid in reducing the ransomware payments. The public officials proposed that companies that receive insurance won’t be allowed to make payments using this particular money.