Ransomware attack on Media-Markt and Saturn: the background


In this guest article, Guido Grillenmeier, Chief Technologist EMEA at the IT security provider Semperis, comments on the serious ransomware attack on Media-Markt and Saturn.

The ransomware attack on Media-Markt and Saturn is a heavy blow for the two electronics retail chains, which belong to the Ceconomy group and use the same backend systems. Around 3100 servers were encrypted, and with Christmas approaching, every hour counts in restoring the systems so that the peak of the Christmas shopping season does not turn into the real financial disaster for these consumer giants.

That is entirely separate from the ransom demand of 240 million made by the extortionists, behind whom stands the “Hive” ransomware group. The demand has since been reduced to 50 million, which is certainly no bargain either.

Now time is of the essence. How quickly can all systems be restored to get business back on track? It is also possible that all Active Directory servers (domain controllers) are affected and encrypted. How do you restore Active Directory when that happens, when every one of those servers is down? Too few companies ask this question before something happens.

The fact is: if the Active Directory servers are no longer running, nothing works anymore. They are the basis for logging on to all other systems in the infrastructure, including the cash register systems and the other servers needed to process the actual business. They are also the first systems that have to be restored; only afterwards can the other servers follow.

The latest attack shows once again how vulnerable even modern retail companies that earn their money with technology are. Often a single loophole is enough for the attackers to approach their target unnoticed. Once they have reached it, things can (unfortunately) move very quickly, and the way back becomes arduous.

