The American retailer Walmart has denied being hit with a ransomware attack by the Yanluowang gang after hackers claimed to have encrypted thousands of computers.
According to BleepingComputer, Walmart said that its “Information Security team is monitoring our systems 24/7” and that it believes the claims to be inaccurate.
“We believe this claim is inaccurate and are not aware of a successful attack in this regard on our devices,” Walmart said.
On Monday, the Yanluowang ransomware operation, which is relatively new, published an entry on its data leak site claiming that it had breached Walmart’s systems and encrypted between 40,000 and 50,000 devices.
The site reads, “we encrypted about 40-50k Walmart computers and offered our help, but they decided to go the other way and here we publish.”
The ransomware gang told BleepingComputer that it conducted the attack over a month ago and was able to encrypt devices but did not steal any data. The gang demanded a $55 million ransom but never received a response from Walmart.
The data leak site entry includes various files that allegedly contain information extracted during the attack.
Walmart denies that the attack was successful; however, these files contain information that is claimed to be from Walmart’s internal network, including a security certificate, the output of a kerberoasting attack, and a list of domain users.
Kerberoasting is used by threat actors after they gain a foothold on a network to extract Windows service accounts and their hashed NTLM passwords. These hashed passwords are then brute-forced to recover the plain-text passwords, which are used to elevate privileges on the Windows domain.
No one has been able to confirm whether the leaked Windows domain data is legitimate.
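
For defenders, the kerberoasting activity described above leaves a trace on domain controllers as Windows Security Event ID 4769 (Kerberos service ticket requested). The following is an added example, not part of the original article: it flags requesters that ask for RC4-encrypted tickets to several user-backed service accounts. The sample events, account names, and the threshold of three services are constructed assumptions, and the events are assumed to be pre-filtered to a short time window.

```python
from collections import defaultdict

RC4_HMAC = 0x17  # etype 23: ticket is encrypted with the service account's NT hash


def _ev(user, svc, etype, ip, eid=4769):
    """Build one constructed event using field names from Event ID 4769."""
    return {"EventID": eid, "TargetUserName": user, "ServiceName": svc,
            "TicketEncryptionType": etype, "IpAddress": ip}


# Constructed sample data (hypothetical accounts and hosts, not from the article).
SAMPLE_EVENTS = [
    _ev("jdoe@CORP.EXAMPLE", "svc_sql", "0x17", "::ffff:10.0.5.23"),
    _ev("jdoe@CORP.EXAMPLE", "svc_web", "0x17", "::ffff:10.0.5.23"),
    _ev("jdoe@CORP.EXAMPLE", "svc_backup", "0x17", "::ffff:10.0.5.23"),
    _ev("jdoe@CORP.EXAMPLE", "FILESRV01$", "0x12", "::ffff:10.0.5.23"),
    _ev("asmith@CORP.EXAMPLE", "svc_sql", "0x12", "::ffff:10.0.7.41"),
    _ev("asmith@CORP.EXAMPLE", "krbtgt", "0x12", "::ffff:10.0.7.41"),
    _ev("asmith@CORP.EXAMPLE", "svc_web", "0x17", "::ffff:10.0.7.41"),
]


def roastable_requests(events):
    """Yield 4769 events that request an RC4 ticket for a user-backed service."""
    for ev in events:
        if ev.get("EventID") != 4769:
            continue
        svc = ev.get("ServiceName", "")
        # Machine accounts (trailing $) and krbtgt have long random keys,
        # so tickets for them are not practical brute-force targets.
        if svc.endswith("$") or svc.lower() == "krbtgt":
            continue
        if int(ev.get("TicketEncryptionType", "0x0"), 16) == RC4_HMAC:
            yield ev


def kerberoast_suspects(events, min_services=3):
    """Map (requester, source IP) to the distinct services it requested RC4
    tickets for, keeping only requesters at or above min_services."""
    seen = defaultdict(set)
    for ev in roastable_requests(events):
        seen[(ev["TargetUserName"], ev["IpAddress"])].add(ev["ServiceName"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_services}


if __name__ == "__main__":
    for (user, ip), services in kerberoast_suspects(SAMPLE_EVENTS).items():
        print(f"{user} from {ip}: RC4 tickets for {services}")
```

A single RC4 request can be legitimate legacy traffic, which is why the check groups by requester and counts distinct services rather than alerting on each event.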