European Electronics Giant ‘MediaMarkt’ Victims of $50 Million Bitcoin Ransomware Attack

German multinational electronics chain MediaMarkt has suffered a ransomware attack disrupting the organisation’s IT systems globally, rendering all in-store computers inaccessible to employees. The business has been brought to a standstill unless it pays a US$50 million bitcoin ransom.

Multimillion-Dollar Ransom Demand

MediaMarkt suffered a Hive ransomware attack on November 7, causing network outages in its IT infrastructure across all branches in the Netherlands and Germany, with the attackers demanding a multimillion-dollar ransom in bitcoin (BTC). The attack has allegedly encrypted and blocked various key services of the retailer, including its ability to accept credit cards and accept returns in some stores. Online sales are reportedly unaffected. 

According to a report from Dutch news channel RTL, on every hacked computer there is a file containing the message: “Your network has been hacked, and all data has been encrypted. To regain access to all data, you must purchase our decryption software”.

Media Markt suffered #Hive ransomware attack resulting #IT systems to shut down and store operations to be disrupted in Netherlands & Germany.
Details: https://t.co/8drkUTl01k#mediamarkt #ransomwareattack #cyberattack #electronics #infosec #Threatfeeds #SecureBlink pic.twitter.com/6RwfsLnd7J

— Secure Blink (@secure_blink) November 9, 2021

MediaMarkt (Belgium) spokeswoman Janick De Saedeleer told local news channels: “We are investigating everything at the moment; I can only confirm that this is an international attack.”

The company immediately informed the relevant authorities and is working at full speed to identify the affected systems and repair any damage caused as quickly as possible.

MediaMarkt statement

Up to 3,100 Servers Possibly Affected

With over 1,000 stores across Europe and reported revenues of nearly US$25 billion per year, MediaMarkt is Europe’s largest and most profitable electronics retailer, making it a big red target for cyber criminals. Screenshots posted from Twitter claim that 3,100 servers were compromised, though this information is yet to be verified.

Initially, the ransom demand was US$240 million, according to tech website Bleeping Computer, but that amount dropped almost immediately when MediaMarkt began negotiating.

Hive Hacker Group Behind the Attacks

While there are many groups that have active hacking campaigns, the MediaMarkt’s attackers are known as Hive. The group, which has previously hacked hospital computer systems, among others, handles its business quite professionally. It even has a sort of “customer service” division where victims can chat with the hackers to negotiate the ransom and get a few hostage files back as proof. Those who fail to pay in time will find that their information will be up for grabs on the group’s website. By leaking this data, the hackers put pressure on their victims.

Alongside the rise in crypto prices this year, ransomware attacks have also increased in frequency and levels of damage. According to blockchain data company Chainalysis, by May the tally of stolen crypto from ransomware attacks had already reached US$81 million.

In July, Australian software provider Kaseya was hit by a ransomware attack affecting various Aussie retailers. Members of the REvil group were found to be responsible and police seized more than US$6 million in stolen funds.