Walmart, an American retailer, has denied that ransomware attacks from the Yanluowang Gang hit it. The hackers claimed that they had encrypted thousands of computers.

Walmart informed BleepingComputer that their Information Security team monitors our systems 24 hours a day and believes the claims are inaccurate.

A spokesperson for Walmart told BleepingComputer that they believe the claim is incorrect and have not heard of any successful attack on their devices.

Yanluowang ransomware published Monday's entry to their data leak website, a relatively new operation. It claimed they had breached the retailer and encrypted between 40 000 and 50,000.

The data leak site states, "We encrypted approximately 40-50k computers at Walmart and offered our assistance, but they chose to go the opposite way and publish."

BleepingComputer was also told by the ransomware gang that they had carried out the attack more than a month ago. They were able to encrypt devices but not steal data.

They claimed that they had demanded a ransom of $55 million as part of the attack, but Walmart never responded.

The data leak site entry contains several files claiming information about the attack on Walmart's Windows domain.

Walmart claims that an attack was unsuccessful, but these files contain information from Walmart's internal network.

This includes a security certificate and a list of domain users. Also, the output of a Kerberoasting attack.

After gaining access to a network, threat actors use Kerberoasting to extract Windows service accounts and their hashed NTLM credentials.

These passwords are then used to brute-force the plain-text passwords to gain elevated privileges on the Windows domain.