Telecom Argentina, one of the largest internet service providers in Argentina was hit with a ransomware attack and the ransomware operators are demanding for a $7.5 million ransom to unlock encrypted files.
The internal network of Telecom was infected on Saturday, July 18, and is considered to be one of the biggest hacks of Argentina.
According to the sources from the ISP, the attackers have caused huge damage to the company’s network. They attained control over an internal Domain Admin, from where they spread and installed their ransomware payload to more than 18,000 workstations.
The attack did not affect the internet connectivity or fixed telephony or cable TV services, but many of Telecom Argentina’s official websites were down since Saturday.
Several employees of Telecom have now used social media to share details regarding the incident, and how the ISP has been managing the crisis.
The ISP detected the intrusion immediately and have actively warned employees through internal alerts to limit their interaction with the corporate network, not to connect to its internal VPN network, and not to open emails containing archive files.
This web page where victims are directed to make payments shows a ransom demand of 109345.35 Monero coins (~$7.53 million). The deadline for the payment is tomorrow, July 21st, and if the firm doesn’t pay the ransom, the hackers threaten to double the amount. This would make it the largest ransom demands requested in a ransomware attack this year. Telecom Argentina has not responded to the incident so far.
Even though the identity of the hacking group is not confirmed, there speculations that the attackers belong to the REvil (Sodinokibi) ransomware group, according to a now-deleted tweet showing the ransomware gang’s dark web portal.
According to local media, the ISP believes the hackers have entered the internal network through a malicious email attachment received by one of its employees. This however is not the normal modus operandi of the REvil gang.
The REvil “leak site” did not list Telecom Argentina as one of their victims as of now.
Image Credits : Plataformas