Makro parent METRO remains occupied with the aftermath of October’s cyberattack. The company expects a €40 million to €70 million profit loss as a result of the incident.

German wholesale chain METRO was hit by a cyberattack in October. Several IT systems failed in the process. In a recent statement, the company explained that the personal data of current and former METRO employees was misappropriated and publicized on the darkweb.

Financial impact

METRO’s annual report shows that the effects of the incident are still being felt. The attack impacted the financial prognosis for next year. METRO expects tens of millions in profit losses.

The report includes a risk analysis that suggests the company will face more cyberattacks in the coming period. According to METRO, measures have been implemented to minimize risks.

Black Basta

Some experts suspect the attack was carried out by Black Basta. The cybercrime group has been actively launching ransomware attacks since April this year.

SentinelOne research indicates that Black Basta primarily uses proprietary tooling, including EDR fraud software and a custom version of ADFind alongside PrintNightmare, ZeroLogon and NoPac for privilege escalation.

The cybercriminals allegedly have close ties to FIN7. Experts suspect the ransomware variants used by Black Basta and FIN7 originate from the same developer(s).

Tip: Hosted Rackspace Exchange hit by security incident