{ "id": "9b71f115-d7ba-487c-b2cc-1f3f8330218f", "created_at": "2026-04-06T00:15:26.701964Z", "updated_at": "2026-04-10T03:21:57.841458Z", "deleted_at": null, "sha1_hash": "413afaecad69b2afcddfedf4267c93f4b8513c5e", "title": "Ransomware hits Lojas Renner, Brazil's largest clothing store chain", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 93129, "plain_text": "Ransomware hits Lojas Renner, Brazil's largest clothing store\r\nchain\r\nBy Catalin Cimpanu\r\nPublished: 2022-12-15 · Archived: 2026-04-02 11:29:10 UTC\r\nLojas Renner, Brazil's largest clothing department store chain, said it suffered a ransomware attack that impacted\r\nits IT infrastructure and resulted in the unavailability of some of its systems, including its official web store.\r\nThe company first disclosed the incident in a filing with the Brazilian stock market on Thursday.\r\nSeveral Brazilian bloggers and news outlets blew the incident out of proportion by claiming that the attack had\r\nforced the company to shut down all its physical stores across the country.\r\nEarlier today, Renner officials filed a second document in order to dispel these rumors and assure shareholders\r\nthat all stores remained open and that the attack only impacted its e-commerce division.\r\nThis was also confirmed by The Record today in interviews with several Brazilians earlier today, who confirmed\r\nthat Renner stores were still open and processing transactions.\r\nSuspected RansomExx attack\r\nDetails about the ransomware incident remain to be confirmed, but one Brazilian blog claimed that the attack on\r\nRenner's infrastructure was carried out by the RansomExx gang, which gained access to Renner servers via Tivit,\r\na major Brazilian IT and digital services provider.\r\nAttack ransomware ? @Lojas_Renner @felipepayao @LabDefCon1 pic.twitter.com/4LtiYxFUR6\r\n— Clandestine (@akaclandestine) August 19, 2021\r\nHowever, in an interview with CNN Brazil Business, Tivit denied the report and went on the record to state that\r\nnone of its corporate networks or servers had been breached.\r\nDespite admitting that they've been hacked, Renner officials downplayed the severity of the intrusion and claimed\r\nthat their main database has remained intact and was not encrypted in the attack.\r\nHowever, it is unclear if the intruders managed to steal data from the hacked servers, which would most likely\r\nstore information related to the company's e-commerce stores.\r\nIf the RansomExx gang is confirmed to be behind this intrusion, then it's very likely that they also stole Renner\r\ndata before encrypting it, which is part of their normal modus operandi. Today, the RansomExx gang is one of the\r\nmany ransomware operations known for running a \"leak site\" on the dark web, where they publish data stolen\r\nfrom companies that refuse to pay its ransom demand.\r\nhttps://therecord.media/ransomware-hits-lojas-renner-brazils-largest-clothing-store-chain/\r\nPage 1 of 2\n\nUnconfirmed report claims Renner paid\r\nBut just as The Record was preparing to publish this article, an unconfirmed report, citing \"unofficial sources,\"\r\nclaimed that Renner paid the hackers $20 million. At the time of writing, this remains to be confirmed, as a\r\nRenner spokesperson did not return a request for comment.\r\nEither way, Lojas Renner would be able in a position to pay such a huge ransom demand without breaking a\r\nsweat. Today, Lojas Renner is one of the largest South American businesses, operating more than 600 stores across\r\nthree countries under brands such as Renner, Camicado, Youcom, and Ashua.\r\nCatalin Cimpanu\r\nis a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement\r\nactions against hackers.\r\nSource: https://therecord.media/ransomware-hits-lojas-renner-brazils-largest-clothing-store-chain/\r\nhttps://therecord.media/ransomware-hits-lojas-renner-brazils-largest-clothing-store-chain/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://therecord.media/ransomware-hits-lojas-renner-brazils-largest-clothing-store-chain/" ], "report_names": [ "ransomware-hits-lojas-renner-brazils-largest-clothing-store-chain" ], "threat_actors": [], "ts_created_at": 1775434526, "ts_updated_at": 1775791317, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/413afaecad69b2afcddfedf4267c93f4b8513c5e.pdf", "text": "https://archive.orkl.eu/413afaecad69b2afcddfedf4267c93f4b8513c5e.txt", "img": "https://archive.orkl.eu/413afaecad69b2afcddfedf4267c93f4b8513c5e.jpg" } }