Two Brazilian state-owned utility companies, Eletrobras and Copel, were hit by separate ransomware attacks over the past week, temporarily disrupting some of their operations and services.
Last week, Centrais Eletricas Brasileiras (Eletrobras), the largest power company in Latin America, which also owns Eletronuclear, a subsidiary involved in the construction and operation of nuclear power plants, issued a statement saying that its Eletronuclear subsidiary was hit by a ransomware attack.
The security incident impacted some of the administrative network servers and did not affect operations at nuclear power plants Angra 1 and Angra 2. Operations at the two plants were disconnected from the administrative network, and the company also suspended some of its systems to protect the integrity of data.
Eletrobras did not say whether any data was stolen during the attack, or who the culprits behind the attack might have been.
According to Bleeping Computer, the ransomware attack against Copel, the largest company in the state of Paraná, appears to be the work of the Darkside ransomware group, which claims to have stolen over 1,000GB of data from the company, including “sensitive infrastructure access information and personal details of top management and customers.”
The intruders reportedly accessed Copel’s CyberArk solution for privileged access management and exfiltrated plaintext passwords from the company’s local and internet infrastructure. The attackers also claim to have stolen the Active Directory (AD) database, the NTDS.dit file, which includes information about user objects, groups, group membership, and password hashes for all users in the domain.
“Darkside does not provide stolen data on their leak site. Instead, they set up a distributed storage system to host it for six months,” Bleeping Computer wrote.
In a filing with the Securities and Exchange Commission (SEC), the company said that upon detecting the attack it took measures to prevent it from spreading across the network. The incident did not impact the main systems, and the electricity supply and telecommunications services were also unaffected.