MIGROS Suffers Ransomware Attack by Stormous Group

MIGROS, a major retail company operating in Turkey, has been targeted by the ransomware group Stormous. The attack was announced on the group's dark web leak site, and the victim's website is https://www.migros.com.tr/. MIGROS is a significant player in the retail sector, employing over 100,000 people and serving a large customer base.

The Stormous group is known for its ransomware-as-a-service (RaaS) operations, which have been active since mid-2020. The group has been targeting high-value entities and keeping ransom payment negotiations private to avoid drawing law enforcement attention and media coverage.

MIGROS's vulnerability to ransomware attacks may be attributed to the fact that macros, which are used to automate common tasks in Microsoft Office, can also be exploited to deliver malware, including ransomware. The group's attack on MIGROS could have been facilitated by the use of malicious macros, which have been identified as a significant vector for ransomware delivery.

In response to the growing threat of ransomware attacks, Microsoft announced changes to combat the rapid growth of ransomware delivered via malicious macros, but later reversed the decision due to community feedback. This indecision highlights the ongoing challenge of securing against ransomware attacks, particularly those delivered via macros, which are widely used in the retail sector and other industries.

The attack on MIGROS serves as a reminder of the need for robust cybersecurity measures to protect against ransomware attacks. Companies should prioritize securing their systems against malicious macros and other attack vectors, as well as implementing strong data backup and recovery strategies to minimize the impact of a successful attack.

Sources

• HelpNetSecurity
• DeepWeb
• BleepingComputer