Migros, a Retail Giant, Targeted by SunCrypt Ransomware Group

Company Overview

Migros, a leading retail company in Turkey with over 100,000 employees, has been targeted by the SunCrypt ransomware group. The attack was confirmed through a leak on the group's dark web site, which also revealed that the company's website is https://www.migros.com.tr/.

Migros is a significant player in the retail sector, with a wide range of products and services. The company's website provides information on their products, services, and locations, indicating a strong online presence and potential vulnerabilities to cyber threats.

Vulnerabilities and Targeting

SunCrypt, a ransomware-as-a-service (RaaS) operation, has been active since mid-2020 and is known for its triple extortion tactics, including file encryption, threat to publish stolen data, and distributed denial of service (DDoS) attacks on non-paying victims. The group has been targeting high-value entities, keeping ransom payment negotiations private to avoid law enforcement attention and media coverage.

SunCrypt's Capabilities

The 2022 SunCrypt variant includes new capabilities such as process termination, stopping services, and wiping the machine clean for ransomware execution. These features have been present in other ransomware strains but are recent additions to SunCrypt, suggesting that the group is still in an early development phase.

Impact and Response

The attack on Migros is part of SunCrypt's ongoing operations, which have been described as stagnant but still a real threat. The company's response to the attack is not publicly available, but it is likely that they are taking steps to mitigate the damage and prevent further attacks.

Sources

• HackNotice: Migros
• Antonio Feninno on LinkedIn: Retail Cybersecurity
• DeepWeb.net: Migros Subsidiary Lüchinger + Schmid Falls Victim to a Ransomware Attack
• BleepingComputer: SunCrypt Ransomware is Still Alive and Kicking in 2022
• Picus Security on LinkedIn: Migros Case Study