stormous attacks MIGROS
Incident Date:
March 28, 2022
Overview
Title
stormous attacks MIGROS
Victim
MIGROS
Attacker
Stormous
Location
First Reported
March 28, 2022
MIGROS Suffers Ransomware Attack by Stormous Group
MIGROS, a major retail company operating in Turkey, has been targeted by the ransomware group Stormous. The attack was announced on the group's dark web leak site, and the victim's website is https://www.migros.com.tr/. MIGROS is a significant player in the retail sector, employing over 100,000 people and serving a large customer base.
The Stormous group is known for its ransomware-as-a-service (RaaS) operations, which have been active since mid-2020. The group has been targeting high-value entities and keeping ransom payment negotiations private to avoid drawing law enforcement attention and media coverage.
MIGROS's vulnerability to ransomware attacks may be attributed to the fact that macros, which are used to automate common tasks in Microsoft Office, can also be exploited to deliver malware, including ransomware. The group's attack on MIGROS could have been facilitated by the use of malicious macros, which have been identified as a significant vector for ransomware delivery.
In response to the growing threat of ransomware attacks, Microsoft announced changes to combat the rapid growth of ransomware delivered via malicious macros, but later reversed the decision due to community feedback. This indecision highlights the ongoing challenge of securing against ransomware attacks, particularly those delivered via macros, which are widely used in the retail sector and other industries.
The attack on MIGROS serves as a reminder of the need for robust cybersecurity measures to protect against ransomware attacks. Companies should prioritize securing their systems against malicious macros and other attack vectors, as well as implementing strong data backup and recovery strategies to minimize the impact of a successful attack.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.