REvil Ransomware Operators Breached Group Cactus, a Leading Supermarket Company in Luxembourg

The REvil ransomware operators recently struck the Group Cactus supermarket chain and downloaded sensitive and confidential data from its database.

Group Cactus was established in 1900. It is one of Luxembourg’s leading family-run businesses, known for food and general “quality of life” stores of several sizes under the brands Cactus, Supercactus, Cactus marché (Cactus Market) and CactusShoppi. In the last quarter, Group Cactus earned around 140.24 million in revenue. The group also operates speciality shops selling items such as flowers or CDs. As of July 2017, Cactus is Luxembourg’s fourth-largest employer with over 4000 employees. Together the Cactus workforce strives day in and day out to offer its customers the very best service possible.

So far, the ransomware operators have posted a sample of the files and data they downloaded from the company. According to the Cyble Research Team, this small leak from the larger set appears to be a warning to the company to accept the ransomware operators' terms. If Group Cactus does not accept the terms, the REvil ransomware operators appear set to leak a large amount of the company's sensitive data. Below are snapshots of the message and the list of files posted by the REvil ransomware operators.

A snapshot of the small warning message posted by the ransomware operators

Snapshot of the list of sensitive company files

About Cyble:

Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution, powered by machine learning and human analysis, provides organizations with insights into cyber threats introduced by suppliers and enables them to respond faster and more efficiently.

Cyble strives to be a reliable partner/facilitator to its clients, providing them with unprecedented security scoring of suppliers through cyber intelligence sourced from open and closed channels such as OSINT, dark web and deep web monitoring, and passive scanning of internet presence. Furthermore, this intelligence, combined with machine learning capabilities and human analysis, allows clients to gain real-time cyber threat intel and helps them build better and stronger resilience to cyber breaches and hacks. Due to the nature of the collected data, the company also offers threat intelligence capabilities out of the box to its subscribers.
