Attackers hacked the internal network of Telecom Argentina, one of the country’s largest internet service providers, demanding a ransom of $7.5 billion to unlock the encrypted data
The attack took place on July 18th and has been described as one of Argentina’s most massive hacks.
The hackers managed to gain control of an internal Domain Admin account, from which they spread and installed their ransomware payload on more than 18,000 workstations, causing widespread damage to the company's network.
The ISP detected the intrusion immediately and has actively instructed company staff through internal alerts to limit their interaction with the corporate network, not to connect to its internal VPN network, and not to open emails containing archive files.
The attack did not affect fixed telephony or cable TV services, nor did it cause internet connectivity to go down for the ISP’s customers. Many of Telecom Argentina’s official websites have been down since Saturday.
The victims were directed to a webpage demanding payment of 109345.35 Monero coins ($7.53 million). The hackers asked for the payment to be made on or before July 21st and threatened to double the amount if it was not paid. It is one of the largest ransom demands made in a ransomware attack this year.
Since the attack’s onset, a couple of staff members have taken to social media to share information about the incident and the way the ISP has been managing the situation.
The attackers have been identified as the REvil (Sodinokibi) group, according to the ransomware gang’s dark web page, where the victims are directed to make payments.
Telecom Argentina did not respond about the incident when contacted through local press, nor did it mention whether it intends to pay the ransom.
The ISP speculates that the hackers' point of entry was a malicious email attachment received by one of its employees, but this does not fit the REvil gang’s usual modus operandi.