Major Argentine Telecom Falls Victim to $7.5M Monero Ransomware Attack

Published at: July 20, 2020

Telecom, Argentina's largest telecommunications company, has fallen victim to a ransomware attack. Hackers are demanding $7.5 million in Monero (XMR) — an amount that will rise to $15 million if the company does not pay within 48 hours.

Argentina's major telephone company, Telecom, just got hacked. Hackers requesting a ransom of $7.5 million in Monero. $XMR pic.twitter.com/AGNvAXh1cg

— Alex Krüger (@krugermacro) July 19, 2020

According to El Tribuno, the ransomware attack, which specifically affected Telecom’s call center, took place on July 18. The ransomware was ultimately contained by the Argentinian conglomerate’s IT workers. In a statement issued to local media outlets, the company elaborated:

"Telecom reports that it managed to contain a cyber attack attempt, of global dispersion, on its platforms. No critical services of the company were affected. It should also be noted that no client of the company was affected by this situation, as well as the bases of company data. Customer service efforts, suspended preventively, will be gradually restored."

The attack does not seem to have affected services provided by the company such as landlines, mobile phones or the internet.

A well-known ransomware gang is allegedly behind the attack

ZDNet quotes sources inside the ISP who say that hackers caused “extensive damage” to Telecom’s network. They claim the hackers successfully deployed their ransomware to more than 18,000 workstations across the company.

The report also adds that the REvil ransomware gang, also known as Sodinokibi, could be behind the attack: the hackers posted a tweet claiming responsibility, attaching a screenshot of the website, but the tweet was deleted at some point between July 19 and 20.

But because the hackers’ point of entry was a malicious email attachment sent to one of Telecom’s employees, the attack doesn’t fit at all with the tactics used by the gang, which often deploys its ransomware via network-based intrusions that target vulnerabilities within the IT infrastructure.

Sites hosted by Telecom Argentina are back after the incident

As of press time, most of the official websites belonging to Telecom are back online following the downtime that came after the attack.

One of the most prominent tweets shows an image of a seemingly official company statement in which the company acknowledges the attack and lists a series of recommendations for its employees to follow.

'Massive incident' Telecom IT Support message to some of the workers. #Ransomware pic.twitter.com/8zTug7jMxp

— GuyWithAMask (@GuyWithAMask4) July 19, 2020

Telecom Argentina didn’t provide further information to local media outlets about the incident. It is unknown whether it plans to pay the ransom.

REvil said on June 24 that it will auction over 1 terabyte of data stolen from New York-based entertainment law firm Grubman Shire Meiselas & Sacks. This data allegedly contains the “dirty” secrets of a number of celebrities.
