Argentina’s largest telecommunications firm, Telecom, has been hit with a ransomware attack in which the attackers are demanding a ransom of 109,345.35 XMR, worth over $7.5 million at press time.
According to local news outlets, the hackers managed to infect the firm’s systems with ransomware via a malicious email attachment. The hackers gave the firm two days to pay the 109,000 XMR, or else the price would double to 218,690.7 XMR, over $15 million.
In the ransom note, the hackers gave Telecom guidance on how to buy the privacy-centric cryptocurrency and even included a chat support feature. Whether Telecom has used it or will even be paying the ransom is unclear.
Ataque de ransomware a Orange y Telecom Argentina. Les han colado REvil (a.k.a. Sodinokibi) sobre Office365 y OneDrive con 18.000 equipos afectados y escalamiento de privilegios a Domain Admin. El rescate: 7.5 millones de dólares en la cripto Monero. Mi apuesta: empleado otra vez pic.twitter.com/fBpsgMLgsu
— Marcos Besteiro (Marcos#BLMatters) (@MarcosBL) July 19, 2020
Telecom was founded in 1990 and has since managed to become the largest telecommunications firm in Argentina. The ransomware attack is said to have affected 1,000 machines in Telecom’s systems, but not its services: landlines, cell phones, and internet services were not affected.
While it isn’t clear who was behind the attack, speculators suspect a well-known ransomware group going by REvil could be to blame, as it has carried out similar ransomware attacks in the past, demanding BTC to decrypt the systems of organizations it managed to attack.
After infecting London-based exchange firm Travelex and forcing it to pay a $2.3 million ransom in BTC, REvil reportedly announced it was moving away from bitcoin to only start demanding ransoms in Monero, as the privacy-centric cryptocurrency makes it harder for authorities to track down the flow of funds.
This, in turn, would make it easier for the ransomware’s operators to launder the funds, as there are no public records of transactions conducted on the XMR blockchain.
Featured image via Pixabay.