A Hive ransomware operation hit MediaMarkt, a German multinational chain of consumer electronics stores, with the threat actors initially demanding a ransom of $240 million. IT systems in the Netherlands and Germany were closed down as a result of the incident and store operations were hampered. 

With over 1,000 stores in 13 countries, MediaMarkt is Europe's largest consumer electronics retailer. It employs around 53,000 people and has total sales of €20.8 billion. At the start of this week, a ransomware attack targeted MediaMarkt, encrypting servers, workstations and creating an outage of IT services to stop the attack from propagating. 

The ransomware attack, according to BleepingComputer, affected several retail stores across Europe, particularly in the Netherlands. While online sales are unaffected, affected stores' cash registers are unable to accept credit cards or generate receipts. The system shutdown is also restricting returns due to the inability to search for previous purchases. Employees are instructed to avoid encrypted systems and to turn off networked cash registers on the network. 

As per screenshots of alleged internal communications posted on Twitter, the hack compromised 3,100 servers. However, at this moment, BleepingComputer has been unable to verify those claims. The Hive Ransomware organization is behind the attack, according to BleepingComputer, and requested a huge, but unrealistic, $240 million ransom to acquire a decryptor for encrypted files. 

Ransomware groups frequently demand high ransoms at first to allow for negotiation, and they generally only get a portion of what they demand. However, BleepingComputer has been told that during the attack on MediaMarkt, it was almost automatically dropped to a significantly smaller amount. 

While it is unclear whether unencrypted data was captured in the attack, Hive ransomware is known to steal files and post them on its 'HiveLeaks' data breach site if a ransom is not paid. When BleepingComputer contacted MediaMarkt about the hack, they received the following response: 

“The MediaMarktSaturn Retail Group and its national organizations became the target of a cyberattack. The company immediately informed the relevant authorities and is working at full speed to identify the affected systems and repair any damage caused as quickly as possible. In the stationary stores, there may currently be limited access to some services. MediaMarktSaturn continues to be available to its customers via all sales channels and is working intensively to ensure that all services will be available again without restriction as soon as possible. The company will provide information on further developments on the topic. - MediaMarkt.”

Hive ransomware was first discovered in June 2021 and has already hit over 30 companies, counting just those who did not pay the demanded ransom. The Hive group, according to the FBI, uses a range of tactics, methods, and processes to breach targeted networks. 

Hive ransomware was first discovered in June 2021 and has already hit over 30 companies, counting just those who did not pay the demanded ransom. The Hive group, according to the FBI, uses a range of tactics, methods, and processes to breach targeted networks. 

Hive ransomware is a data encryption malware that has gained notoriety as a result of strikes against the Memorial Health System, where employees were made to work with paper charts as their computers were encrypted. Altus Group was another victim, with hackers stealing corporate information and data from the software supplier, which were then made public on HiveLeaks. 

Hive has also created variants to encrypt Linux and FreeBSD servers, which are often used to host virtual machines.