# Kmart nationwide retailer suffers a ransomware attack **[bleepingcomputer.com/news/security/kmart-nationwide-retailer-suffers-a-ransomware-attack/](https://www.bleepingcomputer.com/news/security/kmart-nationwide-retailer-suffers-a-ransomware-attack/)** Lawrence Abrams By [Lawrence Abrams](https://www.bleepingcomputer.com/author/lawrence-abrams/) December 3, 2020 01:08 PM 0 US department store Kmart has suffered a ransomware attack that impacts back-end services at the company, BleepingComputer has learned. Sears Holding Corp originally owned both Kmart and Sears, but after the company filed for bankruptcy in 2018, it was purchased by Transform Holdco LLC (Transformco) in 2019. While Kmart has been a household name in the USA, its number has dwindled over the [past two years to only 35 stores remaining.](https://www.forbes.com/sites/michaellisicky/2020/05/09/kmartdown-to-its-last-34-storesfinds-itself-to-be-essential-once-again/?sh=25c6d2b4429c) ## Kmart Windows domain hit with ransomware BleepingComputer has learned that Kmart suffered a cyberattack by the Egregor ransomware operation this week that encrypted devices and servers on the network. If you have first-hand information about this or other unreported cyberattacks, you can [confidentially contact us on Signal at +16469613731 or on Wire at @lawrenceabrams-bc.](http://10.10.0.46/tel:+16469613731) ----- A ransom note shared with BleepingComputer shows that the KMART Windows domain was compromised in the attack. While online stores continue to operate, the 'Transformco Human Resources Site,' 88sears.com, is currently offline. Employees said that the outage is caused by the recent ransomware attack. **88sears.com suffering an outage** Egregor is known for stealing unencrypted files before deploying their ransomware. The [ransomware operation then threatens to post the data on ransomware data leak sites if a](https://www.bleepingcomputer.com/news/security/list-of-ransomware-that-leaks-victims-stolen-files-if-not-paid/) ransom is not paid. It is unknown if the attackers stole data, how many devices were encrypted, or the ransom amount demanded by the Egregor cybercrime group. Egregor is a new ransomware operation that started encrypting victims in September 2020. BleepingComputer has been told by threat actors that after the Maze Ransomware operation shut down, many of their partners switched over to the Egregor operation. ----- This migration of experienced threat actors has allowed Egregor to quickly amass many victims in a short period. Other well-known companies recently attacked by Egregor [include Cencosud,](https://www.bleepingcomputer.com/news/security/retail-giant-cencosud-hit-by-egregor-ransomware-attack-stores-impacted/) [Crytek,](https://www.bleepingcomputer.com/news/security/crytek-hit-by-egregor-ransomware-ubisoft-data-leaked/) [Ubisoft, and](https://www.bleepingcomputer.com/news/security/crytek-hit-by-egregor-ransomware-ubisoft-data-leaked/) [Barnes and Noble.](https://www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-egregor-ransomware-strange-data-leaked/) BleepingComputer has reached out to Kmart and their parent company Transformco, but has not received a response yet. _Update 12/6/20: There are 45 Kmarts operating._ ### Related Articles: [Windows 11 KB5014019 breaks Trend Micro ransomware protection](https://www.bleepingcomputer.com/news/security/windows-11-kb5014019-breaks-trend-micro-ransomware-protection/) [Industrial Spy data extortion market gets into the ransomware game](https://www.bleepingcomputer.com/news/security/industrial-spy-data-extortion-market-gets-into-the-ransomware-game/) [New ‘Cheers’ Linux ransomware targets VMware ESXi servers](https://www.bleepingcomputer.com/news/security/new-cheers-linux-ransomware-targets-vmware-esxi-servers/) [SpiceJet airline passengers stranded after ransomware attack](https://www.bleepingcomputer.com/news/security/spicejet-airline-passengers-stranded-after-ransomware-attack/) [US Senate: Govt’s ransomware fight hindered by limited reporting](https://www.bleepingcomputer.com/news/security/us-senate-govt-s-ransomware-fight-hindered-by-limited-reporting/) [Egregor](https://www.bleepingcomputer.com/tag/egregor/) [Kmart](https://www.bleepingcomputer.com/tag/kmart/) [Ransomware](https://www.bleepingcomputer.com/tag/ransomware/) [Sears](https://www.bleepingcomputer.com/tag/sears/) [Lawrence Abrams](https://www.bleepingcomputer.com/author/lawrence-abrams/) Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies. [Previous Article](https://www.bleepingcomputer.com/news/security/hacker-for-hire-group-develops-new-stealthy-windows-backdoor/) [Next Article](https://www.bleepingcomputer.com/news/security/credit-card-stealing-malware-hides-in-social-media-sharing-icons/) Post a Comment [Community Rules](https://www.bleepingcomputer.com/posting-guidelines/) You need to login in order to post a comment [Not a member yet? Register Now](https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register) ### You may also like: -----