In the early hours of Monday, November 8, a ransomware attack affected MediaMarkt servers in several countries in central and northern Europe. At first, the German multinational electronics company did not offer any official statement, but it did publish a leaked internal email about the status of the chain’s servers.

ciberataque ransomware mediamarkt 08/11

The email explains that more than 3,000 Windows servers could have been “hijacked”, as well as numerous web servers. The message warns employees not to “reinstall the cash registers” until the problem is fixed, suggesting that the billing system may have been taken out of service. Following the usual security protocols, employees were also asked to disconnect their computers.


First consequences of the cyberattack on MediaMarkt

In the first instance, it was learned that this ransomware attack had consequences in stores in the Netherlands, Belgium and Germany. Although during the first hours there was no official information on the extent of the intrusion.

It was found that the attack also affected establishments located in Spain. Computer problems meant that stores could only sell products that were physically on the premises. The return services, collection and any other management that had to be carried out online was paralyzed as a security measure, although the German company reported that “the protocols have been updated so as not to stop providing any service” to its customers.

Meanwhile, Dutch media reported that although the affected stores remained open, the collection and return services were inactive. The computers in these establishments would also be disabled.


MediaMarkt confirmed the ransomware attack

Finally, the company confirmed the ransomware attack. An intrusion of this type consists of malicious software that restricts access to certain parts or files of the infected operating system, which is commonly known as “data hijacking”. Often times, those responsible for these types of attacks demand a ransom in exchange for reestablishing access to the systems.

As has been leaked on social networks, the ransomware used on this occasion would have been HIVE. A malware commonly used to infect health systems. The payment required for the recovery of access to the systems could exceed 240 million dollars.

ciberataque ransomware mediamarkt 08/11


Current situation of MediaMarkt

The company has confirmed that the intrusion has affected the organization in all countries: “it has affected all countries, including our organization. The competent authorities have been informed immediately and we are working to identify the affected systems and repair the damage caused as soon as possible ”.

Although the impact has not been the same in all regions. Along with Belgium and the Netherlands, Germany has been the most affected country. In these three countries, both physical stores and online stores have been forced to limit a large part of their services. Thus, for example, it is not possible to process the financing of purchases, the collection and return of products purchased online or the use of coupons and vouchers.

In Spain, the situation is more stable. All physical stores and the online store are still operational, although some limited access to some of their services is possible.


A few days before Black Friday, the worst time for a cyber attack

Barely two weeks before the start of the Black Friday campaign and one month before the Christmas campaign, this is the period of the year in which most of the annual sales of electronic products are concentrated. Of course, hackers have chosen the “best” time for their attack.

Francesc es el responsable de Content Marketing de Sinapsis. Con más de diez años de dedicación al copywriting ha acumulado una gran experiencia en diversos temas aunque su mayor pasión sigue siendo el marketing online. Friky de corazón, ha encontrado en el SEO una nueva forma de seguir "jugando".