Cyber extortionists have hit EDP, a Lisbon, Portugal-based utility and its wind power unit EDPR, threatening to publish massive amounts of the company’s data unless it meets a ransom demand of €10 million ($11 million USD).
The Ragnar Locker ransomware was reportedly the hackers’ weapon of choice used to gain entry into EDP’s corporate network. The crooks said they will either publish or sell the 10 terabytes of EDP’s data they’ve hijacked if the ransom isn’t paid within 20 days, reports said. EDP officials called the cyber attack “potentially catastrophic.”
Ragnar Locker ransomware typically targets software used by managed service providers (MSPs), in order to keep an attack from being detected. It’s not known what steps EDP has taken to investigate the infection or whether it has enlisted managed security service providers to help mitigate the damage. EDP has reportedly told local media outlets that the attack has not affected its energy supply.
Critical infrastructure systems worldwide are prime targets for cyber kidnappers. EDP, which posted gross operating income of €3.3 billion in 2018, has roughly 11,000 employees globally. The company has nearly 10 million electricity clients.
“There is only one possible way to get back your files,” the hackers wrote in a demand note posted by Vitali Kremez, who heads threat intelligence consultant SentinelLabs, on his Twitter account. “Contact us and pay for our special decryption key! For your guarantee we will decrypt 2 of your files for free as proof of our capabilities.” The cyber wise guys said they had “gathered the most sensitive and confidential information” of EDP’s billing, clients, contracts, partners and transactions, which will be “publicated for everyone’s view,” the gang said. “If you want to avoid such a harm for your reputation, better pay the amount we asking for.”
The MalwareHunterTeam suggested the hackers may not be bluffing about the amount of stolen data in their hands. “Obviously we can't tell from when they were in EDP's network, but it looks they already had some amount of files stolen on the 6th this month.”
At this point, there’s no word if EDP intends to pay the ransom. In a recent study of ransomware incidents in North America, security specialist Kaspersky recommended that victims refuse to pay a ransom no matter the circumstances.
“First, paying a ransom will never guarantee that all of your data will be returned – it might be partially returned or not at all. There is also no way to tell if your information has been sold in underground markets once obtained,” said Brian Bartholomew, Kaspersky’s principal security researcher in its global research and analysis team. “Second, paying a ransom only encourages cyber criminals to further carry out these attacks as they are one of the most financially profitable attacks malefactors can perform. The more business organizations give in to ransomware attacks, the more we will see them continue to trend in the threat landscape.”
Still, declining to pay the ransom may not be possible in all cases, cyber negotiators assert. Among the challenges: In addition to encrypting data, some hackers may threaten to release victim data on the Internet -- thereby triggering compliance issues and potential government fines at the hacked company.