Hive ransomware gang claims responsibility for attack on Intersport that left cash registers disabled

Sports retail giant Intersport, which boasts some 6000 stores worldwide in 57 countries, has fallen victim to a ransomware attack which disabled checkouts in France during what should have been one of the busiest times of the year.

Shoppers at Intersport's stores in some parts of France were reportedly met with signs telling them that the cyberattack was preventing the use of cash registers, loyalty card and gift card services.

Intersport were quoted as saying that because the hack happened on November 23, stores were impacted during Black Friday sales promotions which would normally be expected to be especially busy.

Manual checkouts and checkouts which were not connected to Intersport's central network were said to be operational, one store manager told the media at the time:

"We work with manual checkouts, we have to note everything by hand to ensure that the stocks follow, which sometimes causes a bit of a wait."

In the days since the attack, the Hive ransomware group has published on its leak website what it claims to be "proof" that it has stolen data from Intersport.

Whether the group has chosen to release information about the attack because Intersport has declined to negotiate, or whether it is to encourage the firm to take the ransom demand more seriously is unclear.

Intersport itself has said that it did not believe customer data had been accessed, and declined to say whether it would be prepared to pay a ransom to its attackers or not.

The company is not a stranger to being targeted by cybercriminals.  In 2020, Intersport was one of a number of retailers to find Magecart payment card-skimming code had been planted on some of its website.

Hive is a ransomware-as-a-service (RaaS) operation, which is used by a number of different cybercriminal gangs to launch extortion attacks on organisations.  Last month the FBI revealed that the Hive ransomware had extorted US $100 million in just 18 months.