Renner store

Ransomware hits Lojas Renner, Brazil's largest clothing store chain

Lojas Renner, Brazil's largest clothing department store chain, said it suffered a ransomware attack that impacted its IT infrastructure and resulted in the unavailability of some of its systems, including its official web store.

The company first disclosed the incident in a filing with the Brazilian stock market on Thursday.

Several Brazilian bloggers and news outlets blew the incident out of proportion by claiming that the attack had forced the company to shut down all its physical stores across the country.

Earlier today, Renner officials filed a second document in order to dispel these rumors and assure shareholders that all stores remained open and that the attack only impacted its e-commerce division.

This was also confirmed by The Record today in interviews with several Brazilians earlier today, who confirmed that Renner stores were still open and processing transactions.

Suspected RansomExx attack

Details about the ransomware incident remain to be confirmed, but one Brazilian blog claimed that the attack on Renner's infrastructure was carried out by the RansomExx gang, which gained access to Renner servers via Tivit, a major Brazilian IT and digital services provider.

However, in an interview with CNN Brazil Business, Tivit denied the report and went on the record to state that none of its corporate networks or servers had been breached.

Despite admitting that they've been hacked, Renner officials downplayed the severity of the intrusion and claimed that their main database has remained intact and was not encrypted in the attack.

However, it is unclear if the intruders managed to steal data from the hacked servers, which would most likely store information related to the company's e-commerce stores.

If the RansomExx gang is confirmed to be behind this intrusion, then it's very likely that they also stole Renner data before encrypting it, which is part of their normal modus operandi. Today, the RansomExx gang is one of the many ransomware operations known for running a "leak site" on the dark web, where they publish data stolen from companies that refuse to pay its ransom demand.

Unconfirmed report claims Renner paid

But just as The Record was preparing to publish this article, an unconfirmed report, citing "unofficial sources," claimed that Renner paid the hackers $20 million. At the time of writing, this remains to be confirmed, as a Renner spokesperson did not return a request for comment.

Either way, Lojas Renner would be able in a position to pay such a huge ransom demand without breaking a sweat. Today, Lojas Renner is one of the largest South American businesses, operating more than 600 stores across three countries under brands such as Renner, Camicado, Youcom, and Ashua.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
What is Threat Intelligence
No previous article
No new articles
Catalin Cimpanu

Catalin Cimpanu

is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.