Ransomware Attack on electronic retail markets of Media Markt/Saturn

Sicherheit[German]The electronics stores of the Media Markt and Saturn chains (in Germany and the Netherlands) have fallen victim to a successful ransomware attack. The more than 3,100 servers of these companies were encrypted, which has a direct impact on business operations. Numerous stores are running offline in a kind of emergency mode.


On Twitter there is this tweet who shares a screenshot that is probably intended to inform employees internally. According to the tweet, all checkout systems of the stores in Germany and the Netherlands are affected.

According to the tweet above, all files on the servers were encrypted, a behavior after a ransomware attack. Follow-up tweets mention the number of 3,100 servers and initial measures (disconnect network connections, etc.). Employees are warned not to attempt to restore the files themselves or to take action themselves under any circumstances. IT in Ingolstadt (Germany) is working on the problem, one tweet says.

A company spokesperson confirmed the cyber attack to Spiegel Online. The colleagues at Golem write that Ceconomy AG's servers were affected by ransomware. Ceconomy AG operates the merchandise management system to which the Media Markt and Saturn stores are connected. This has made it impossible to access numerous online services of the cash registers at Media Markt and Saturn. The stores can open, but operate offline in a kind of emergency mode.

However, this means that it is not possible to return goods, pick up reserved merchandise, etc. Accessing gift cards or sales documents is also impossible or fraught with major problems.


Golem reports that employees are to disconnect the cash registers from the network to prevent damage, not inform customers about details of the disruption and turn away inquiries from the press.

A spokeswoman for the company states that there was unauthorized access during the night from Sunday to Monday and that all Media Markt/Saturn national subsidiaries (Germany/Netherlands) were affected. The companies' online stores are not affected.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *