Renner case: would the DNS firewall have prevented the ransomware attack?

Renner case: would a DNS firewall solution have prevented the ransomware attack suffered by Lojas Renner just over a month ago?

This is the question that has been echoing in the market since August 19, 2021. A day that lasted a long and exhausting 72 hours…

Undeniably, the interest and concern are shared by all businesspeople with a minimum understanding of the seriousness of the case.

After all, the ransomware attack that took part of the e-commerce system (website and application), the finance company's website and card payments offline, also caused slowness, unavailability and major disruptions to the retail giant's operations.

Understand the destructiveness of a ransomware attack to prevent and protect your company

First of all, a warning is in order. Don't fall into the trap of thinking that cyberattacks only happen to giant companies. That said, let's continue this analysis of the Renner Case.

Does a well-configured DNS firewall prevent and protect against a ransomware attack?

Lumiun Internet Security's team of consultants every time the press reports on a major cybercrime.

It was no different these last 30-odd days. Because the ransomware-type cyber attack that Lojas Renner suffered still leaves a lot to be desired...

It is impossible not to talk about this, since the ransomware attack has been the “favorite” of digital criminals. In fact, in our newsletter, we report new attacks every week.

Unexpectedly, Lojas Renner spent three long days with its systems inoperative after a ransomware attack.

What would happen if your company remained closed for the same period of time?

Without a doubt, size doesn't matter. Small, medium or large, I'm sure no businessperson would want to go through a situation like this.

However, it is these unfortunate incidents that generate interest and promote the always beneficial search for information.

Furthermore, being informed and aware of the risks and threats to data security is a first and important step towards prevention and protection.

In parallel to this, many questions arise, such as: what reduces the risks of a company suffering a ransomware attack?

Most strikingly, the actions that reduce risk are relatively simple, and any company is fully capable of implementing them, a DNS firewall solution being one example.

Understanding the Renner Case and the ransomware attack that left it inoperative for three long days

Understanding the Renner Case and the ransomware attack that left her inoperative for three long days

Initially, to understand the Renner Case, let's watch this news report broadcast by CNN on August 20, 2021, one day after the cyber attack that apparently took down the retailer's servers and encrypted its data: “Cyber attack takes Renner's website off the air, understand the case.”

At first, understanding the Renner Case and the ransomware attack that occurred seems simple. A quick and easy explanation is:

Lojas Renner suffered a large-scale cracker attack. A ransomware attack took down the retail chain's systems and cybercriminals demanded a large ransom to decrypt the data. Even with difficulties, the company managed to overcome the obstacles and the challenge of, on its own, resuming full operations and control, ownership and access to its data and files.

Basically, in other words and in different writing styles, this is the explanation currently available across media outlets, specialized websites and Lojas Renner's communications to the market.

Renner case: not everything that glitters is gold…

Would a DNS firewall solution have prevented the ransomware attack suffered by Lojas Renner just over a month ago?

Surprisingly, the circumstances of the Renner Case are far more complex than the scenario and context of the ransomware attack that gave rise to them, and they go beyond any possible answer that is exclusively technical.

That is, the answer to the question proposed in the first paragraph of this article does not account for the reality and all the perspectives and approaches necessary to the Renner Case.

In other words, no matter how assertive the answer “yes, a DNS firewall solution, if well configured and scaled to the size of the company, would have greatly contributed to avoiding and minimizing the ransomware attack suffered by Lojas Renner”.

Crisis management of the ransomware attack in the Renner Case

It would certainly be simple to answer the initial question, about the effectiveness of the DNS firewall in preventing ransomware attacks, if we were fully aware of all the facts, particularities, characteristics and details.

However, it is not an easy task. Mainly for three reasons:

  • The scarcity of official information. Among other reasons, the company is publicly traded and therefore subject to a series of restrictions and strict compliance rules imposed by the CVM (Securities Commission).
  • Speculation has found fertile ground on the Web. There have been rumors about the amount demanded (between $1 billion and $20 million). Anyway, we have a lot of news, facts, narratives, hypotheses and even lies about the Renner Case. We will probably never be able to say with complete certainty which one(s) are true or not…
  • The legal implications arising from the LGPD (General Personal Data Protection Law). In fact, Procon-SP notified Lojas Renner and demanded information about which databases were compromised, the real seriousness of the situation and the level of exposure resulting from the ransomware attack. There is also the direct implication under the LGPD (subject to inspection and fines) if sensitive and confidential data was leaked.

Watch this short video that, in a simple way, presents the idea of cyber resilience. In principle, it is a concept that applies well to the circumstances and context involved in the Renner Case.

Renner case: cyber resilience and compliance

From the same point of view, logic indicates that the ransomware attack on Lojas Renner was not the most serious.

Information is scarce and, on top of that, the reliability of the data and information that is available is questionable.

However, the evidence leads us to believe the official version given by Lojas Renner.

  • Agility and reaction time. It may seem like a long time and, certainly, the losses were great. However, reestablishing e-commerce and billing systems and resuming virtual and physical operations in just 72 hours is commendable and relevant.
  • Protocol action, in accordance with what is required by the CVM. The word “ransomware” does not appear in communications to the market. Officially, a “cyber attack” occurred that generated “instability in part of its systems and operations”.
  • The best practice is not to negotiate or pay ransom. The indication that this procedure was followed is the statement/denial sent to Exame magazine.
  • To date, there is no evidence of data leakage. However, as it involves the LGPD (data collection, storage, processing and encryption processes), it is an issue that must be clarified and reported to Procon-SP.

What motivated the ransomware attack and gave rise to the Renner Case?

This screenshot that circulated on the internet is explicit, direct and self-explanatory about the motivation for the ransomware attack on Lojas Renner: money.

However, we can infer that the increase in the number of ransomware attack cases is due to more than just the greed of the hackers.

The vulnerability of security processes and internet access control is the responsibility of companies and entrepreneurs.

In fact, cybercrimes only occur because they are possible.

When prevention and protection processes are effective, risks and threats from cyber attacks will be easily avoided.

According to the important warning from Daniel Avelar, software developer responsible for the YouTube channel Programação Além do Code, in a video about the Renner Case:

“Anyone, at any time, can be attacked. It could be you, Zé on the corner, FedEx or Lojas Renner.”

In addition to providing an interesting chronology, he provides a good analysis of the Renner Case and, above all, an important reflection on data security.

The most notable thing, however, is what we can consider a lesson for small, medium and large business owners: without distinction, everyone must be responsible for the data they captivate...

In this sense, paraphrasing Saint-Exupéry (The Little Prince) undeniably makes perfect sense in times of LGPD.

Ransomware attack and Renner Case: numbers that scare and cause losses

The numbers involved in the Renner Case are not only superlative. They also give the dimension of the growth in the activities of cybercriminals.

In fact, there is a consensus among experts that ransomware attacks are an extremely harmful practice that will continue to grow exponentially.

As a result, it will cause uncontrollable and difficult-to-measure damages and losses. Firstly, to company finances.

But, mainly, to image and reputation, assets that are as important as money or more so.

In fact, another consensus is that attacks like the one carried out against Lojas Renner tend to intensify in Brazil and around the world.

Above all, because the ransomware attack is considered by hackers to be a successful and efficient tool.

The lack of attention to and investment in data protection, prevention and security and internet access control are driving factors for the growth of virtual risks and threats.

The pandemic, the home office and piracy, likewise, are another combination that drives the growth of cyber attacks.

The increase in the volume of remote access to sensitive and confidential data facilitates invasion and leaves systems, networks, hardware and software more vulnerable. Even more so if pirated programs are involved.

The 2021 Threat Panorama from Kaspersky (specialized in the production of Internet security software) indicates a 23% increase in cyberattacks in Brazil, in just the first eight months of 2021, compared to the same period in 2020.

Until August, the 20 most popular malware totaled 481 million malicious attacks. As a result, we have an impressive average of 1,400 blocks per minute.

Just as piracy needs to be banned from the corporate environment, the control and security of remote internet access in a home office must be complete, which in fact starts with an effective DNS firewall solution.

DNS Firewall to prevent ransomware attack

If you want to know more about this subject, I suggest reading the article “Does DNS firewall reduce the risk of ransomware attack?”, recently published on the Lumiun blog.
