June 30, 2022

Walmart has denied that it suffered from a ransomware attack launched by the Yanluowang gang. Clarification became necessary after the Yanluowang ransomware gang posted an entry to their data leak website on Monday, claiming that they breached the retailer and encrypted between 40,000 and 50,000 devices.

In a statement, Walmart denied the claims. Walmart stated that their “Information Security team is monitoring our systems 24/7,” and believes the claims are untrue.

“We believe this claim is inaccurate and are not aware of a successful attack in this regard on our devices,” a Walmart spokesperson said.

Yanluowang ransomware gang claimed to have carried out the attack over a month ago and were able to encrypt devices but not steal any data. The gang demanded a $55 million ransom from hackers, but never received a response from Walmart.

The entry on Yanluowang’s data leak website contains various files that allegedly contain information extracted from Walmart’s Windows domain during the attack.

Although the attack has been denied, the files on the data leak site contain information purportedly from Walmart’s internal network, including a security certificate, a list of domain users, and the output of a Kerberoasting attack.

The sources for this piece include an article in BleepingComputer.