Shoprite supermarket

Shoprite Holdings, Africa's largest supermarket chain that operates almost three thousand stores across twelve countries in the continent, has been hit by a ransomware attack.

Shoprite is Africa's largest supermarket chain, with a revenue of $5.8 billion and149,000 employees. The retailer has 2,943 stores, serving millions of customers in South Africa, Nigeria, Ghana, Madagascar, Mozambique, Namibia, DRC, Angola, and other countries.

Last Friday, the company disclosed that they suffered a security incident, warning customers in Eswatini, Namibia, and Zambia, that their personal information might have been compromised due to a cyberattack.

"Additional security measures to protect against further data loss were implemented by amending authentication processes and fraud prevention and detection strategies to protect customer data," mentions the firm's statement.

"Access to affected areas of the network has also been locked down. The data compromise included names and ID numbers, but no financial information or bank account numbers."

Yesterday, the ransomware gang known as RansomHouse took responsibility for the attack, posting an evidence sample of 600GB of data it claims it stole from the retailer during the attack.

Shoprite listed as a victim on the RansomHouse extortion site
Shoprite listed as a victim on the RansomHouse extortion site
Source: BleepingComputer

RansomHouse is a new group of threat actors who launched their operations in December 2021 and later set up an extortion site where they post evidence of stolen data.

The threat actors blame their victims for poor security practices and inadequate protection, something they did with Shoprite where they taunted the company about their security habits in Telegram.

RansomHouse mocking Shoprite's security
RansomHouse mocking Shoprite's security on Telegram
Source: BleepingComputer

Victims that don't meet 'RansomHouse' demands have their stolen data sold to other cybercriminals. If there's no interest in buying the data, the group publishes them on the Onion site for free.

While there have been encrypted files related to RansomHouse, the threat actors claim that they do not engage in encryption and only perform data theft and extortion.

The threat actors have previously claimed that any encryption events associated with them result from partnerships with gangs that use ransomware strains, like White Rabbit.

In the case of Shoprite, the firm hasn't mentioned anything about business disruption or operational problems, so they may not be dealing with a data encryption situation.

Still, the issue of stolen data remains, and Shoprite has warned clients in the announcement that the possibility of that data being used by unauthorized parties is significant.

The advice provided to customers is to remain vigilant against unsolicited communications, change their account passwords, and avoid sharing any personal information over the phone, SMS, or email.

Related Articles:

Meet Interlock — The new ransomware targeting FreeBSD servers

Tech giant Nidec confirms data breach following ransomware attack

Underground ransomware claims attack on Casio, leaks stolen data

Hacker gets 10 years in prison for extorting US healthcare provider

US indicts Snowflake hackers who extorted $2.5 million from 3 victims