Portuguese energy company Energias de Portugal (EDP) has been the victim of a RagnarLocker cyberattack.
According to sources, the hackers responsible for the attack are threatening to release 10TB of sensitive data unless they are paid $10.9m.
According to TechRadar, the hackers stated: “We had downloaded more than 10TB of private information from EDP group servers… we will publish this leak in … famous journals and blogs, also we will notify all your clients, partners and competitors. So it depends on you [to] make it confidential or public!”
EDP has said that the situation is currently being assessed and that its dedicated teams are working to restore the normal functioning of the systems as soon as possible. The company is also working with the authorities to identify the origin and nature of the attack.
Kelvin Murray, Senior Threat Research Analyst, Webroot: “This tactic of holding the confidentiality of the corporate data itself to ransom is still relatively new, and the energy sector has been a particular target of “big game” ransomware cybercriminals in the last year.
“Ransomware criminals look for the most essential services to lock-up as paying a ransom might be considered the safer option than facing the consequences of lost power for millions of people for an indefinite period. These gangs are highly organised and they select their targets wisely. Once they have breached an organisation they look to encrypt as many of the operational systems as possible and consequently they charge extremely high ransoms, easily running into the millions.
“Senior leaders within EDP will currently be working out the potential impact of the release of their confidential data to the business, including potential loss of credibility, loss of business, intellectual property loss, GDPR fines, and weighing that up against the cost of paying the ransom.”
According to Malware Wiki, Ragnar Locker is ransomware that runs on Microsoft Windows and specifically targets software commonly used by managed service providers, in order to prevent the attack from being detected and stopped. Attackers first began using the Ragnar Locker ransomware towards the end of December 2019.