7-Eleven Denmark has confirmed that a ransomware attack was behind the closure of 175 stores in the country on Monday.

The company did not provide any info on the gang responsible other than confirming that threat actors breached their network and encrypted systems.

“This is a so-called ransomware attack, where the criminals have forced access to the network and locked the systems,” 7-Eleven DK said in a statement on Facebook.

“The case is being handled in cooperation with the police, and 7-Eleven is currently not going to go into further detail about the investigation, the scope and the consequences of the attack.”

The attack occurred on Monday, preventing 7-Eleven stores in Denmark from using their cash registers or accepting payment. This led to all 7-Eleven stores getting shut down across the country while the company investigated the incident.

7-Eleven DK says that stores have started to open using local operating solutions, such as accepting cash or MobilePay. A list of 135 7-Eleven stores and kiosks that have resumed operation in some capacity was shared in a Google Docs file.

“I would like to thank the merchants and employees in both the stores and the service office for their enormous efforts and readiness to change, as well as the great support and understanding we have received from customers, suppliers and business partners,” Jesper Østergaard, CEO of 7-Eleven shared on Facebook.

While the company says that there is no evidence that the attack has affected customers, partners, or supplies, now that we know it was a ransomware attack, we will likely also find out if the threat actors stole data soon.

When ransomware gangs conduct attacks, they commonly steal data from internal networks before encrypting devices.

This stolen data is then used as leverage to force a victim into paying a ransom, warning that if a ransom is not paid, the threat actors will publicly leak the data.

No ransomware operation has claimed responsibility for the attack on 7-Eleven DK.

Extracted in full from: 7-Eleven Denmark confirms ransomware attack behind store closures (bleepingcomputer.com)