How to avoid being hacked like Kmart & Barnes & Noble


Although we don’t have any Kmart stores left in the islands and only a single Barnes & Noble location at Ala Moana Mall, we can sympathize with these struggling retailers as they try to survive against monolithic competitors. Unfortunately both Kmart and Barnes & Noble were recently hacked, just in time for the holiday season and have been struggling with the fallout. The good news is that these data theft and ransomware attacks are often avoidable and we can learn from these incidents to protect our own companies.

Barnes & Noble was hacked in October


Back in October, the Egregor ransomware gang made headlines after they claimed responsibility for the Barnes & Noble cyberattack. The attackers were able to exfiltrate (copy) private corporate files, take down the Nook e-reader service and disrupt registers in stores. But, this is not the worst thing about the Egregor gang – they have a track record of stealing unprotected files prior to encrypting company devices. This sensitive data is then used as leverage to extract a ransom from the victim, otherwise the stolen data gets leaked or sold online. For example, also in October they hacked gaming giant Ubisoft, stealing the source code for the game Watch Dogs: Legion, which it released later that month.

These Egregor guys are serious about stealing data and releasing it if they don’t get paid a ransom. I’m sure we can expect the same to happen to Kmart’s stolen data in the coming weeks.

The Takeaway

Companies of all sizes can avoid most of the fallout of attacks like these by taking common-sense precautions like implementing high level security services (such as Total Security), a sound employee security awareness program, maintaining backups and using data encryption. While there are prevention techniques for ransomware attacks, the attacks themselves constantly evolve. Depending on the size and sophistication of a company, prevention can become very difficult.

Advanced Persistent Thread (APT) actors such as Egregor are highly skilled, well funded and motivated. Join us in the fight to protect businesses like yours from theft, crime and disaster.

Stay safe out there.