Ransomware attack on Conad, sensitive data posted on the Net

Security Awareness
27 January 2025

How many times have we wondered who is behind the big organized retail chains, what agreements exist between those who run the supermarkets and the companies that supply them, and how the suppliers and workers who report to the big food brands are treated?

These are questions that most citizens do not know how to answer but which arouse much curiosity, especially at a time in history when there is a growth in consumer awareness and a propensity to make choices that are not only healthier and more sustainable but also more ethical.


This time, the Lynx criminal group took care of closing this gap. Last November it launched a major ransomware attack on the Conad Group, which came to a head a few days ago when the large-scale retail (GDO) group refused to pay the ransom and the criminals, according to Fanpage reports, subsequently published on the Web thousands of confidential and highly sensitive records: a vast amount of internal documents, including human resources and customer materials, scans of paper documents, specifications, communications and contracts with suppliers, as well as contracts and business plans, insurance policies, marketing plans for 2025, letters of employment, employee payroll, and even old vacation plans.

A major breach that puts at risk not only the company, but also everyone involved.

Let’s be clear. The cyber criminals did not carry out this act to satisfy consumers’ desire for information, but for the purpose of blatant profit.

Lynx, in fact, which already has dozens of victims among medium-sized and large companies, is considered a financially motivated group, that is, one acting exclusively for financial gain, without political agendas, governmental affiliations or other purposes.

LYNX blog page.

This time it chose Conad, evidently because of the size of the Group’s turnover.
Conad, in fact, which recently bought the more than 1,600 Auchan and Simply supermarkets in Italy, going from a market share of 12.9 percent to 16.5 percent, has increased its aggregate turnover from 13.4 to 17.1 billion euros and is today the undisputed leader of the industry in Italy, having even surpassed its historical rival Coop.

The attack is part of the strategy known as “double extortion,” which involves both encrypting the data and threatening to publish it. This means two ransom demands: one to obtain the decryption key and unlock the compromised systems, the other to prevent public dissemination of the stolen data. Not having received the requested payment, the pirates decided to make the files accessible.

This mode of attack, in which criminals sneak into victims’ systems, steal data and then demand a ransom to keep it private, is spreading as a kind of evolution and at the same time simplification of traditional ransomware, in which servers and affected computers were encrypted and the victim had to pay to get the decryption key.

The ultimate goal remains to pocket the ransom, but the new method makes life easier for criminals who only have to sneak in and steal the information, without worrying about developing or acquiring from others the malware that encrypts hard drives.

Conad’s reaction

In a statement, also released on the Federprivacy portal, Conad said it immediately informed the Data Protection Authority and the Postal Police and filed a complaint with the Bologna Public Prosecutor’s Office, adding that further investigations are underway to reconstruct what happened and manage the consequences of the incident.

This is the full text of the statement:

“Consorzio Nazionale Dettaglianti (Conad) Soc. Coop. suffered, on November 20, 2024, a cyber attack on its systems, which was promptly repelled thanks to the defense measures immediately implemented. Conad verified that a small amount of data, unstructured and irrelevant, not referring in any way to the brand’s customers, may have been copied. Immediately after the attack, Conad promptly informed the Data Protection Authority and the Postal Police. In these hours, after further reconstructing the affair through information disseminated apparently on websites traceable to the criminals responsible for the attack itself, Conad has filed a complaint regarding the incident with the Public Prosecutor’s Office in Bologna.”

In any case, this is yet another incident in the landscape of cyber attacks that now claim victims daily among companies and organizations.

Often cyber criminals exploit software vulnerabilities or a combination of phishing and social engineering, because the weakest link in the chain remains the human factor: an employee or collaborator who has access to systems and can easily fall victim to a scam.

The Conad affair is important because it is yet another reminder of the imperative need to invest in cybersecurity measures and, above all, in training programs that are tailored to the different types of companies and designed as ongoing, quality courses suited to the level of knowledge of those undertaking them.

Only such training can ensure that companies and organizations are adequately protected against the ever-growing cyber risk in which we all now live immersed.
