Hive ransomware hits Damart clothing store with $2 million ransom

Damart, a French clothing company with over 130 stores across the world, is being extorted for $2 million after a cyberattack from the Hive ransomware gang.

Some of the company's systems have been encrypted and operations have been disrupted since August 15.

A report from Valéry Marchive, who was able to retrieve a leaked ransom note and published details on LeMagIT, notes that the hackers are not willing to negotiate and expect parent company Damartex to pay the full ransom.

Private Hive chat page for Damartex

The threat actors haven't posted the victim on their extortion site, opting to keep negotiations private.

Marchive shared additional information with BleepingComputer, which helped us confirm the attack and extortion.

Damart has not engaged in negotiations with the cybercriminals yet but informed the national police of the incident, which makes it unlikely that Hive would receive a payment.

Timeline of the attack

The first signs of trouble appeared on August 15, when Damart published a message about an unscheduled maintenance on the homepage of its online store.

Damart homepage as seen on August 15, 2022

At that time, following a request for comment from BleepingComputer, Damart stated the following:

"Damart, the mail order clothing brand, based in Bingley, West Yorkshire, has confirmed that there was an attempt to intrude into their IT systems, which they were rapidly able to intercept with strong security protocols.

"As a precaution, they have temporarily restricted some services available to customers, which is why the website is currently offline. Data and system security is a top priority for the business and reassuringly there is no evidence to-date that any customer data has been impacted in any way."

On August 24, it was reported that Damart's sales network wasn't operating normally and the disruption had impacted 92 of its stores. As a result, the number of accepted orders decreased and customer support was unavailable.

The company clarified that the hackers had successfully reached the Active Directory and launched a rushed attack that resulted in encrypting some of the systems.

According to Damart, the reason for degraded services was due to the company's proactive actions by shutting down systems to protect them from being encrypted.

At this time, it is unknown if Hive managed to steal any data during the network intrusion. However, the gang has adopted the double-extortion tactic and exfiltrates data before the encryption stage.

This enables the cybercriminals to put more pressure on the victim to pay a ransom by threatening with a data leak.

Hive ransomware has not listed Damart on their data leak site and the company has repeatedly denied that the hackers stole any data.