IKEA posted on ransomware gang’s leak site

Ransomware cartel Vice Society added data stolen from IKEA Morocco and IKEA Kuwait to the gang’s website. The company confirmed it was attacked.

Vice Society has supposedly posted data taken from IKEA stores in Morocco and Kuwait. Snippets from the ransomware gang’s leak site suggest threat actors got ahold of confidential business data.

Names of the files on Vice Society’s leak site also point to threat actors taking data from IKEA stored in Jordan as well. File and folder names indicate that sensitive employee data such as passports might have leaked.

IKEA Morocco confirmed the company experienced cyberattacks in both Morocco and Kuwait.

"IKEA Morocco and Kuwait faced a cyber attack, causing disruptions on some operating systems. The attack is being investigated in collaboration with the competent authorities as well as our cybersecurity partners," the company said in a Twitter post in French.

The company also said that IKEA shop in Morocco and Kuwait are independently operated by a Kuwait-based franchise and works separately from other IKEA distributors worldwide.

IKEA, the Swedish-Dutch furniture manufacturer headquartered in the Netherlands, operates two stores in Jordan, three in Kuwait, and four in Morocco.

Last year, IKEA was hit by a wave of email reply-chain cyberattacks that targeted the company’s internal mailboxes, as well as those of IKEA’s suppliers and business partners.

The Vice Society ransomware gang has been operating at least since late 2020. Due to similar tactics and file naming, researchers believe Vice Society was tied to another ransomware cartel called HelloKitty.

The group has been noted to focus its sights on organizations in the education sector. Last September, the group leaked data stolen from the Los Angeles Unified School District (LAUSD).

According to Darkfeed, a deep web monitoring feed, Vice Society has posted 125 victims to its leak site. Targeting IKEA is somewhat of an outlier for the gang as victims in education and healthcare make over a third of their victims. Meanwhile retail only makes up around 7% of the gang’s victims.