On Monday 27th of June 2020, the new Yanluowang ransomware operation claimed in a published entry to their data leak site that they had breached, the American retailer, Walmart and encrypted between 40,000 and 50,000 devices. Additionally, various files were uploaded with the entry which allegedly contains information extracted from Walmart’s Windows domain during the attack.
“We encrypted about 40-50k Walmart computers and offered our help, but they decided to go the other way and here we publish,” reads the data leak site.
In communications with the technology new site, BleepingComputer, the Yanluowang ransomware gang claimed they had conducted the attack over a month ago which involved encryption of thousands of devices belonging to Walmart but they were not able to steal any data. Although they stated they had demanded a $55 million ransom but never received a response from Walmart.
A Walmart spokesperson released a statement stating that Walmart doesn’t believe the claim is accurate and they haven’t been aware of a successful attack against their devices. Although Walmart denies an attack was successful, these uploaded files contain information that claimed to be from Walmart’s internal network which includes a security certificate, a list of domain users, and the output of a kerbroasting attack. But no further evidence has been released to confirm if the allegedly leaked Windows domain data is legitimate.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.