On August 19th, The Hack revealed, exclusively, that Renner Stores, one of the largest clothing retail chains in Brazil, had been infected with ransomware. The information was verified through screenshots provided by a security researcher who is a reader of The Hack.
After the revelation, evidence was found that the cybercriminal group RansomEXX (Defray777) was responsible for developing the ransomware that hit the company’s network. Two days later, Renner reestablished its systems and resumed its e-commerce operation, as well as card payments at physical stores.
The Hack newsroom went to one of the chain’s stores and confirmed that card payments were being made, although the system was quite slow. Security researchers consulted by the press consider that the recovery (in just 48 hours) was carried out in record time.
The Cointimes portal reported that it had heard from “unofficial sources” that the company had allegedly paid an amount equivalent to $20 million (R$ 103 million) in cryptocurrencies as ransom for the encrypted data. Nonetheless, the company denied having paid a ransom, stating that it did not negotiate with cybercriminals. In late August, the company made further public statements, adding that it had not identified any data leaks.
So what did the company’s recovery process look like? During the second day of the 1st National Congress of the Brazilian Institute for Data Security, Protection and Privacy (IBRASPD), Renner Stores information security manager Adailton Silva told us a little about the post-incident operation needed to re-establish the company’s systems after the attack.
According to the executive, the 48 hours of recovery were very stressful, with professionals working continuously, without rest, and facing bouts of emotional instability.
Nonetheless, with the collaboration of the team and with the help of long-term partner suppliers, the company, which has more than 650 stores, returned to its operations in about 48 hours. “We had to build an infrastructure practically from scratch, validate all commercial issues so as not to impact the company”, says Silva.
Silva asserts that a backup, configured and ready to be implemented, was indispensable for resuming the company’s operations. “Many companies consider it a necessary evil. But, do you test backup? A background recovery plan is paramount. But what if you see a corrupt backup six or seven months ago? Companies need to pay attention, invest and have people taking care of it. Technology doesn’t do everything alone”, comments Silva.