French news website Numerama said the notorious ransomware group gave Intersport until December 5 to pay the ransom but may have extended this deadline. The breach appears to only affect some Intersport stores in Northern France. At the moment, it’s unclear how many stores are affected and what the group’s ransom demands are. Intersport is a multi-billion-dollar company with thousands of international stores, including nearly 800 outlets in France.
Black Friday Ransomware Attack on Intersport
According to La Voix du Nord, Hive breached Intersport’s systems in a ransomware attack on November 23, during Black Friday sales. The breach made some electronic systems at Intersport stores inaccessible, forcing attendants to resort to manual checkouts. An affected Intersport store in Arques reportedly displayed a storefront notice: “Dear customers, we are currently facing a cyberattack by Intersport servers that prevents us from accessing our cash registers, the loyalty card service, and the gift card service.”
At the time, Intersport said only a few of its stores in France were affected. The company also downplayed the implications of the theft of its data. Intersport said it was attempting to resolve the issue, but Hive’s decision to leak a sample of the stolen data may indicate that these efforts are not yielding the desired results. According to Numerama, the leaked data includes passports, lists of customer information, and pay slips. After ransomware attacks, cybercriminals usually release a sample of the stolen data to compel victims to pay up. Screenshots of the stolen data were reportedly posted on the Hive gang’s blog on the dark web.
Hive is a prolific ransomware-as-a-service operator. The European Union Agency for Cybersecurity (ENISA) ranks the group among the most dangerous ransomware gangs alongside Conti and LockBit. In July, the Federal Bureau of Investigation (FBI) released a cybersecurity advisory about Hive after the group targeted healthcare organizations in the United States. According to the FBI, Hive launched attacks on 1,300 companies between June 2021 and November 2022, extorting over $100 million in ransom payments from victims.
Hive’s Origins Remain Unknown
The origins of the Hive ransomware group are unknown. However, Numerama said the names of several of the leaked files were in Russian, indicating that the group may have Russian-speaking members. A February report by blockchain firm Chainalysis said Russian threat actors are responsible for most ransomware attacks across the world. Hydra Market, the world’s largest and longest-serving dark web market, which was brought down in April, catered specifically to Russian-speaking countries throughout Eastern Europe.