21 July 2020

Argentina's largest ISP hit by 7.5M ransomware attack



Telecom, Argentina's largest telecommunications company, suffered a ransomware attack over the weekend, with hackers demanding a $7.5 million ransom to be paid in Monero cryptocurrency to unlock the encrypted files.

The incident, which took place on Saturday, July 18, caused extensive damage to the company’s operations. The ransomware operators encrypted nearly 18,000 workstations on the network, leaving Telecom’s employees with trouble accessing the company's VPN and some of its databases, according to sources from the ISP.

Currently, there is not much information regarding how exactly the attackers were able to compromise the corporate network, but it appears that they did it via emails with malicious attachments.

The hackers initially gained access to the company network, then hijacked an internal Domain Admin account and used that access to infect thousands of machines with ransomware. The attack did not affect internet connectivity for the ISP's customers, nor did it impact fixed telephony or cable TV services.

According to several Telecom employees who shared details about the incident on social media, the company detected the intrusion right away and warned employees via internal alerts to limit their interaction with the corporate network, not to connect to its internal VPN network, and not to open emails containing archive files.

While the identity of the hacker group responsible for this attack is not confirmed, the operators behind it are speculated to be the REvil (Sodinokibi) ransomware gang, according to a now-deleted tweet showing the crew’s dark web portal.

The page on the portal shows a ransom demand of 109345.35 Monero coins (approximately $7.53 million), and the ransomware operators are threatening to double the amount if the ISP does not pay the ransom by July 21. It is unknown whether the company plans to pay the ransom.

