On Monday 15th of August 2022, Damart, a French clothing company published a message about unscheduled maintenance on the homepage of its online store. It was later revealed the unscheduled maintenance was due to Damart having to take proactive actions to contain a ransomware attack by the Hive ransomware group. The attack resulted in some of the company’s systems being encrypted and operations being disrupted as the rest of the systems were shut down to protect them from being encrypted.
“As a precaution, they have temporarily restricted some services available to customers, which is why the website is currently offline. Data and system security is a top priority for the business and reassuringly there is no evidence to-date that any customer data has been impacted in any way.” – Damart.
On Wednesday 24th of August 2022, it was reported that Damart’s sales network wasn’t operating normally and the disruption had impacted 92 of its stores. Therefore resulted in the number of accepted orders decreasing and customer support not being available. Damart clarified in an announcement that the threat actors had successfully reached the Active Directory and launched a rush attack that resulted in encrypting some of the systems.
Damart has not been posted on Hive ransomware’s leak site which indicates that Hive wanted to keep the negotiations private. Although Damart has not engaged in negotiations with the Hive operators yet but informed the national police of the incident. The ransom demand is believed to be for $2 million, although Damart has stated that the ransomware group wasn’t able to steal any data.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.