UPDATED 22:01 EDT / DECEMBER 03 2020

Kmart allegedly struck by Egregor ransomware attack

Big-box retailer Kmart Corp. has allegedly been struck by a ransomware attack that has impacted back-end services.

Exclusively reported today by Bleeping Computer, the ransomware attack is believed to have involved the Egregor ransomware gang. First detected in September, Egregor uses a so-called double-tap attack in that data is both encrypted and stolen. Those behind the ransomware demand a ransom payment not to release the stolen data.

Previously linked to ransomware attacks on Crytek GmbH and Ubisoft Entertainment SA, the ransomware gang is described as being “the most aggressive ransomware family in terms of negotiation,” giving victims only 72 hours to contact them before releasing stolen data on their website “Egregor News.”

The attack did not shut down Kmart’s website but is said to have affected 88.sears.com, a human resources website operated by Kmart’s parent company Transformco SR Brands LLC.

As of the time of writing, neither Kmart nor Transformco has publicly confirmed a ransomware attack. Transformco is a privately held company, and Kmart, from a peak of over 2,000 stores in 1994, is now down to 25. But it has remaining stores in California and hence is bound by the California Consumer Privacy Act to disclose any cybersecurity incident that involves the theft of data.

“One of the big fears coming out of an Egregor ransomware attack is the likelihood of unprotected files being stolen prior to the operation encrypting devices,” Trevor Morgan, product manager with data security specialists comforte AG, told SiliconANGLE. “While the report does not conclusively indicate whether threat actors gained access to Kmart’s most sensitive data, it serves as yet another reminder for all businesses to apply the strongest level of data-centric security to their datasets.”

Gil Kirkpatrick, chief architect of enterprise protection company Semperis Inc., noted that the Kmart attack shows again how financially motivated threat actors can break into even well-prepared corporate networks.

“Retail organizations have to be vigilant for cyberattacks in the run up to Christmas,” Kirkpatrick said. “Taking appropriate preventative steps is critical, but you have to prepare for the worst case by developing and practicing a complete, scorched-earth disaster recovery plan that minimizes the downtime of mission-critical systems.”

Photo: Mike Kalasnik/Wikimedia Commons
