Walmart, an American retail giant having a business presence worldwide, has denied being targeted by Yanluowang ransomware and added that all of its systems in the network were operating fine as its Information Security teams were excellently prepared to maintain data continuity in such situations.
Issuing a statement on this note, the retailer believed that the claim was false and baseless and might be the work of some imaginary web news resources.
However, as per the update given by the Yanluowang ransomware spreading gang, the data from over 5K devices belonging to Walmart was ready to be sold on the dark web as it claims to have encrypted about 50K devices from the hypermarket chain.
They sold the stolen data as the representatives from the grocery chain failed to pay a demanded a sum of $55 million on time. The statement released by Yanluowang also adds that the information was extracted from a Windows domain and contains data of domain users, security certificates, and Kerberoasting attack.
Kerberoasting is a process where hackers gain control of the network and then access details of Windows services accounts and hashed NTLM passwords. Then the cyber crooks use brute force tactics to extract passwords in plain text to gain access.
Note- 1 In the year 2020, Walmart tried to put in a sincere effort to launch its retail operations in Russia. But the Russian Bureaucracy, license issues, and tons of paperwork demoralized the visiting officials of the American company and so they withdrew from establishing a shopping mall chain the network across Russia. This was disclosed to the media when most of the companies from North America pulled down their operations, services, and sales in the Russian Federation. Walmart clarified that it never supports bloodshed and will never-ever support Putin’s motives of capturing the innocent populace of Kyiv.
Note 2- Yanluowang refers to the Chinese god Yanluo Wang and so it might have been developed by Chinese hackers.