Renner Case: Would a DNS firewall solution have prevented the ransomware attack suffered by Lojas Renner just over a month ago?
This is the question that has been echoing in the market since August 19, 2021. A day that lasted a long and exhausting 72 hours…
Undeniably, the interest and concern are shared by all businesspeople with a minimum understanding of the gravity of the case .
After all, the ransomware attack that took part of the e-commerce system (website and app), the financial institution's website, and card payments offline also caused slowdowns, unavailability, and major disruptions to the retail giant's operations.
Understand the destructive power of a ransomware attack to prevent and protect your business
First of all, a word of caution. Don't fall into the trap of thinking that cyberattacks only happen to giant companies . That said, let's continue our analysis of the Renner Case.
Does a well-configured DNS firewall prevent and protect against a ransomware attack?
In fact, this is a question our clients ask the Lumiun Internet Security every time the press reports on a major cybercrime .
It's been no different these past 30 days. The ransomware-type cyberattack suffered by Lojas Renner still leaves plenty to talk about...
It's impossible not to talk about this, since ransomware attacks have been the darling of cybercriminals. In fact, in our newsletter , we report on new attacks every week .
Unexpectedly, Lojas Renner spent three long days with its systems down after a ransomware attack.
What would happen if your company closed its doors for the same period?
No matter the size, I'm sure no business owner would want to go through a situation like this .
However, it is these unfortunate incidents that generate interest and promote the ever-beneficial search for information .
Furthermore, being informed and aware of the risks and threats to data security is an important first step towards prevention and protection .
In parallel, many questions arise, such as: what reduces the risk of a company suffering a ransomware attack?
The most incredible thing is that the actions to reduce risks are relatively simple and any company has the full capacity to implement them , such as a DNS firewall solution, for example.
Understanding the Renner Case and the ransomware attack that left it inoperable for three long days
Initially, to understand the Renner Case, let's watch this news story broadcast by CNN on August 20, 2021, one day after the cyberattack that apparently took down the retailer's servers and encrypted its data: Cyberattack takes Renner's website offline, understand the case.
At first glance, understanding the Renner Case and the ransomware attack that occurred seems straightforward . A quick and easy explanation is:
Lojas Renner suffered a massive hacking attack. A ransomware attack took down the retailer's systems, and cybercriminals demanded a hefty ransom to decrypt the data. Despite the difficulties, the company managed to overcome the obstacles and the challenge of independently resuming full operations and regaining control, ownership, and access to its data and files.
Basically, perhaps with different words and different writing styles, this is the current explanation available in the most varied communication vehicles, specialized websites and Lojas Renner's market communications .
Renner Case: Not all that glitters is gold…
Would a DNS firewall solution have prevented the ransomware attack suffered by Lojas Renner just over a month ago?
Surprisingly, the circumstances of the Renner Case are so much more complex than the scenario and context of the ransomware attack that gave rise to them, that they go beyond the possible response, which is exclusively technical .
That is, the answer to the question posed in the first paragraph of this article does not account for reality and all the perspectives and approaches necessary for the Renner Case .
In other words, no matter how assertive the answer “yes, a DNS firewall solution, if well configured and scaled to the size of the company , would have contributed greatly to preventing and minimizing the ransomware attack suffered by Lojas Renner”.
Crisis management of the ransomware attack in the Renner Case
Certainly, it would be simple to answer the initial question, about the effectiveness of DNS firewall in preventing ransomware attacks , if we had full knowledge of all the facts, particularities, characteristics and details.
However, it's not an easy task, mainly for three reasons:
- The lack of official information . Among other reasons, the company's public nature leads to a series of restrictions and strict compliance rules imposed by the Brazilian Securities and Exchange Commission (CVM).
- Speculation has found fertile ground online. From rumors about the amount demanded (between US$1 billion and US$20 million), to a wealth of news, facts, narratives, hypotheses, and even lies about the Renner Case, we'll probably never be able to say with complete certainty which are true or false.
- The legal implications arising from the LGPD ( General Personal Data Protection Law ). In fact, Procon-SP notified Lojas Renner and demanded information about which databases were compromised, the true severity of the situation, and the level of exposure resulting from the ransomware attack. Furthermore, there is a direct implication regarding the LGPD (subject to inspection and fines) if sensitive and confidential data were leaked.
Watch this short video that simply introduces the idea of cyber resilience. In principle, it's a concept that applies well to the circumstances and context surrounding the Renner case .
Renner Case: Cyber Resilience and Compliance
From the same point of view, logic indicates that the ransomware attack on Lojas Renner was not one of the most serious .
Despite the scarcity of information, on the other hand, the reliability of the available data and information is questionable .
However, evidence suggests that Lojas Renner's official version .
- Agility and reaction time. It may seem like a long time, and the losses were certainly significant. But restoring e-commerce and billing systems and resuming online and physical operations in just 72 hours is commendable and significant.
- The protocol action complies with CVM requirements. The word "ransomware" does not appear in the market announcements. Officially, a "cyberattack" occurred that caused "instability in part of its systems and operations."
- The recommended practice is not to negotiate or pay ransom. This is indicated by the statement/denial sent to Exame magazine .
- To date, there is no evidence of a data breach. However, because it involves the LGPD (data collection, storage, processing, and encryption processes), it is an issue that should be clarified and reported to Procon-SP.
What motivated the ransomware attack and led to the Renner Case?
This screenshot that circulated on the internet is explicit, direct and self-explanatory regarding the motivation for the ransomware attack on Lojas Renner: money .
However, we can infer that the increase in the number of ransomware attack cases is due to more than just the greed of crackers .
The vulnerability of internet security and access control processes is the responsibility of companies and business owners.
In fact, cybercrimes only occur because they are possible.
Once prevention and protection processes are effective, risks and threats from cyber attacks will be easily avoided .
According to the important warning from Daniel Avelar , software developer responsible for the YouTube channel Programação Além do Código , in a video about the Renner Case :
"Anyone, at any time, can be attacked. It could be you, Joe on the corner, FedEx, or Lojas Renner."
In addition to providing an interesting chronology, it provides a good analysis of the Renner Case and, most importantly, an important reflection on data security.
The most notable thing, however, is what we can consider a lesson for small, medium and large business owners: without distinction, everyone must be responsible for the data that captivates them…
In this sense, paraphrasing Saint-Exupéry ( The Little Prince ), undeniably, makes perfect sense in times of LGPD.
Ransomware Attack and the Renner Case: Scary Numbers That Cause Losses
The numbers involved in the Renner Case are not only superlative , they also demonstrate the growing impact of cybercriminal activity .
In fact, there is a consensus among experts that ransomware attacks are an extremely harmful practice that will continue to grow exponentially.
As a result, it will cause uncontrollable and difficult-to-measure damage and losses, primarily to companies' finances.
But, above all, to image and reputation. Assets as important as, or even more important than, money.
In fact, another consensus is that attacks like the one carried out against Lojas Renner tend to intensify in Brazil and around the world .
Above all, because ransomware attacks are considered by hackers to be a successful and efficient tool.
The lack of attention and investment in data protection, prevention and security and control of internet access are factors driving the growth of virtual risks and threats .
Pandemic, home office and piracy , likewise, are another combination that also drives the growth of cyber attacks.
The increased volume of remote access to sensitive and confidential data facilitates hacking and makes systems, networks, hardware, and software more vulnerable . This is especially true if the software is pirated.
Kaspersky's 2021 Threat Outlook ( specialized in producing Internet security software) indicates a 23% increase in cyberattacks in Brazil in just the first eight months of 2021, compared to the same period in 2020.
As of August, the 20 most popular malware programs had a combined 481 million malicious attacks . This results in an impressive average of 1,400 blocks per minute .
Just as piracy needs to be banned from the corporate environment, control and security in home offices must be comprehensive . Indeed, this starts with an effective DNS firewall solution.
DNS Firewall to prevent ransomware attack
If you'd like to learn more about this topic, I suggest reading the article Does DNS Firewall Reduce the Risk of Ransomware Attacks? , recently published on the lumiun blog .
