Energias de Portugal (EDP), one of the major European operators in the energy sector, was hit by a cyberattack this Monday that affected its customer systems.
According to the Portuguese media, the energy giant has confirmed that its corporate network was breached, but says that energy supply remains unaffected. Per reports, EDP has fallen victim to the Ragnar Locker ransomware and is now facing a 1580 BTC (~€10m) ransom demand to prevent the release of sensitive information stolen by the malware operators.
According to Bleeping Computer, the hackers claim to have stolen 10 TB of sensitive company files, including confidential information on billing, contracts, transactions, clients, and partners.
The Ragnar Locker operators have published several files and screenshots from the breached network on their website, including the edpradmin2.kdb file, which is a KeePass password manager database. When clicked, the link on the leak site leads to a database export including EDP employees' login names, passwords, accounts, URLs, and notes.
The hackers are threatening to release the stolen information to the public if the demanded ransom is not paid.
Ragnar Locker is ransomware whose operators perform reconnaissance on the targeted network, steal sensitive information, and then threaten to release the files to the public if the ransom is not paid. The threat actor behind the malware is known to demand hundreds of thousands of dollars and to create a ransom note that includes the company name. The ransomware targets remote management software used by managed service providers; it enumerates all running services on the infected host and stops those that contain a specific string.