Cyber Incident Victim: Верный
Date: May 2024
Location: Russia
Summary
A Russian discount retail chain with over 1,000 stores suffered a cyberattack disrupting its website, mobile app, card payment processing, and online order systems, forcing temporary cash-only operations and causing significant customer frustration. The company suspected extortion motives, with estimated losses potentially exceeding 500 million rubles if the disruption remained unresolved. Security experts noted similarities to a recent ransomware attack on a major delivery firm, though attribution remained unclear, with speculation ranging from independent actors to destabilization attempts amid geopolitical tensions. Concurrently, a pro-Ukraine group claimed an unrelated data theft from a Russian auto insurer, though the claim was unverified.
Description
A cyberattack disrupted operations at Verny, a major Russian discount retail chain with over 1,000 stores, during a weekend in late May or early June 2024. The attack disabled the company’s website and mobile app, preventing stores from processing bank card payments or fulfilling online orders. Verny confirmed the incident to local news outlets but did not immediately identify the perpetrators. Stores displayed printed notices informing customers of temporary cash-only transactions, leading to customer frustration and abandoned purchases, as documented in videos shared on Telegram. Verny’s general director, Oleg Vysotsky, stated the attackers likely aimed for extortion, though no specific ransom demand was disclosed. The company employed nearly 11,000 people and reported 124 billion rubles ($1.3 billion) in 2023 revenue, with commerce experts estimating immediate losses at 300 million rubles ($3 million), potentially exceeding 500 million rubles ($5.6 million) if disruptions persisted beyond two days. Verny’s team worked to restore systems but had not fully recovered operations at the time of reporting.

The incident followed a similar attack on CDEK, a major Russian delivery company, one week earlier by a group calling itself Head Mare. That attack involved ransomware encrypting CDEK’s servers and destroying backups, paralyzing parcel shipments. While some experts suggested potential links between the Verny and CDEK incidents, Head Mare did not claim responsibility for Verny, and others speculated independent actors might be involved. Dmitry Kuzevanov, a security expert, noted motivations could range from destabilizing Russian retail to masking deeper objectives amid geopolitical tensions. Concurrently, pro-Ukraine group KibOrg claimed a separate breach of the Russian Union of Auto Insurers, though this was unrelated to Verny. Following the CDEK attack, unnamed retail sources indicated many large Russian retailers initiated additional security checks on payment and delivery infrastructure. CDEK reported near-full restoration of services but faced allegations of leaked operational data, which the company denied. Verny’s incident underscored broader vulnerabilities in Russian retail and logistics sectors during a period of heightened cyber activity.
