{
	"id": "f54874fb-9355-4625-8e25-9f7d3fbd49bb",
	"created_at": "2026-04-06T00:09:06.848369Z",
	"updated_at": "2026-04-10T03:21:55.720766Z",
	"deleted_at": null,
	"sha1_hash": "637841f3fa50a40baac359dcbbc6f34149e3c6d2",
	"title": "Kmart nationwide retailer suffers a ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2329238,
	"plain_text": "Kmart nationwide retailer suffers a ransomware attack\r\nBy Lawrence Abrams\r\nPublished: 2020-12-03 · Archived: 2026-04-05 18:24:09 UTC\r\nUS department store Kmart has suffered a ransomware attack that impacts back-end services at the company,\r\nBleepingComputer has learned.\r\nSears Holding Corp originally owned both Kmart and Sears, but after the company filed for bankruptcy in 2018, it was\r\npurchased by Transform Holdco LLC (Transformco) in 2019.\r\nWhile Kmart has been a household name in the USA, its number has dwindled over the past two years to only 35 stores\r\nremaining.\r\nKmart Windows domain hit with ransomware\r\nBleepingComputer has learned that Kmart suffered a cyberattack by the Egregor ransomware operation this week that\r\nencrypted devices and servers on the network.\r\nIf you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal\r\nat +16469613731 or on Wire at @lawrenceabrams-bc.\r\nA ransom note shared with BleepingComputer shows that the 'KMART' Windows domain was compromised in the attack.\r\nWhile online stores continue to operate, the 'Transformco Human Resources Site,' 88sears.com, is currently\r\noffline. Employees said that the outage is caused by the recent ransomware attack.\r\n88sears.com suffering an outage\r\nEgregor is known for stealing unencrypted files before deploying their ransomware. The ransomware operation then\r\nthreatens to post the data on ransomware data leak sites if a ransom is not paid.\r\nIt is unknown if the attackers stole data, how many devices were encrypted, or the ransom amount demanded by the Egregor\r\ncybercrime group.\r\nEgregor is a new ransomware operation that started encrypting victims in September 2020. BleepingComputer has been told\r\nby threat actors that after the Maze Ransomware operation shut down, many of their partners switched over to the Egregor\r\noperation.\r\nThis migration of experienced threat actors has allowed Egregor to quickly amass many victims in a short period.\r\nOther well-known companies recently attacked by Egregor include Cencosud, Crytek, Ubisoft, and Barnes and Noble.\r\nBleepingComputer has reached out to Kmart and their parent company Transformco, but has not received a response yet.\r\nUpdate 12/6/20: There are 45 Kmarts operating.\r\nSource: https://www.bleepingcomputer.com/news/security/kmart-nationwide-retailer-suffers-a-ransomware-attack/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/kmart-nationwide-retailer-suffers-a-ransomware-attack/"
	],
	"report_names": [
		"kmart-nationwide-retailer-suffers-a-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434146,
	"ts_updated_at": 1775791315,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/637841f3fa50a40baac359dcbbc6f34149e3c6d2.pdf",
		"text": "https://archive.orkl.eu/637841f3fa50a40baac359dcbbc6f34149e3c6d2.txt",
		"img": "https://archive.orkl.eu/637841f3fa50a40baac359dcbbc6f34149e3c6d2.jpg"
	}
}