French furnishing retail giant allegedly hit with ransomware


BlackCat ransomware gang listed Conforama, said to be Europe's second-largest home furnishing retail chain, on its victim list.

On its data leak site, BlackCat threat actor boasts about stealing over 1TB of Conforama's data due to "a very low level of security and protection of their users' data."

ADVERTISEMENT

On November 10, the ransom gang gave Conforama 48 hours to contact them and "get a chance to recover your data and protect your customers from the leak."

The stolen data allegedly contains financial documents and reports, customer credit card data, marketing, analytical and strategic, logistics documents, and client personal information, among other sensitive information.

"If Conforama does not contact us within 48 hours of the attack, this blog will be published, all data will be posted to the public domain, and there will be activity that will severely harm Conforama, its customers, and partners," BlackCat threatened.

It also said it would use clients' financial data for illegal purposes and inform all customers, partners, and suppliers. BlackCat threatened to send all internal marketing and analytical data to Conforama's competitors.

"This is the only chance they have to save their reputation, their business, and their customers' and partners' data," its data leak site reads.

As proof, BlackCat posted over a dozen of company documents, mostly various commercial agreements.

Conforama threatened
Screenshots by Cybernews

Gangs like Black Hat publicize their alleged victims to pressure the companies into paying.

ADVERTISEMENT

We’ve reached out to Conforama press officer in France to learn more about the incident and the criminals’ demands but received no immediate response.

Who’s BlackCat?

BlackCat, also known as ALPHV, entered the stage in November 2021. It is one of the first ransomware families written in the Rust programming language. Rust helps criminals to avoid detection by conventional security tools and creates a challenge for defenders trying to reverse engineer the payloads or compare them to similar trends.

The FBI believes money launderers for ALPHV/BlackCat cartel are linked to Darkside and Blackmatter ransomware cartels, indicating the group has a well-established network of operatives in the ransomware business.

Lately, ALPHV/BlackCat has been among the most active ransomware gangs. According to the cybersecurity analyst ANOZR WAY, the group was responsible for approximately 12% of all attacks in 2022.

Most recently, ALPHV/BlackCat ransomware was used to attack the University of Pisa. Threat actors demanded the university administration to pay $4.5 million for the release of encrypted data.

“BlackCat aka ALPHV is a sophisticated and advanced player in the ransomware-as-a-service business, and its operators are associated with the REvil ransomware group and are probably from Russia,” head of Cybernews Security Research Mantas Sasnauskas said.

According to him, they are different from others since they tend to be very generous to affiliates and have a 90% payout rate, with an average ransom demand amounting to several million dollars.

“Ransomware is still one of the most prominent threats to businesses, and proper monitoring and industry-standard protection techniques are extremely important to follow for businesses as well as employee awareness, as a human is usually the weakest link, whether it is a misconfiguration or social engineering attack, such as opening phishing email with a malicious payload,” Sasnauskas said.

ADVERTISEMENT