2 June 2020

REvil operators leak data stolen from UK electrical middleman Elexon



Cyber criminals behind the REvil/Sodinokibi ransomware have published online the information stolen from Elexon, the organization that helps balance and settle the UK’s electricity market.

In mid-May, Elexon revealed that it had suffered a cyber attack that affected its internal networks and forced the company to take down its email server. According to Elexon, the systems used to manage the UK’s electricity transit were not impacted. At the time, the company did not disclose the nature of the cyber attack or what malware was involved.

However, security researchers from Bad Packets reported that Elexon had been running an outdated version of the Pulse Secure VPN server, and that cyber criminals could have exploited vulnerabilities in the software to gain access to the company's internal systems.

It now appears that Elexon was a victim of the REvil/Sodinokibi ransomware, whose operators stole internal data during the May 14 attack. The operators behind REvil/Sodinokibi have published 1,280 files allegedly stolen from Elexon on their leak site.

According to the cyber security firm Cyble, the exposed data includes highly sensitive and confidential files, as well as snapshots of users’ passports, enterprise renewal application forms, enterprise analysis data, and much more.

Because Elexon did not pay the ransom and restored operation from backups, the REvil/Sodinokibi operators decided to leak the stolen files.

REvil/Sodinokibi is ransomware that encrypts files on victims' computers and demands a ransom to recover them. However, the hackers also steal data from victims and then threaten to make the stolen data public if the victim refuses to pay the required ransom.
