Argentina’s largest telecom hacked, with hackers demanding $7.5 million

The ransomware attack was carried out by hackers on Wednesday.

Vulnerable companies get hacked every day, but lately there has been an increase in ransomware attacks. Yet Internet Service Providers (ISPs) are rarely among the companies targeted, owing to their top-notch security.

One such incident emerged recently when Telecom S.A., the largest telecommunications company in Argentina, was hacked, with the attackers encrypting crucial data and demanding a ransom of $7.5 million in Monero (XMR) cryptocurrency.

The deadline given alongside the demand is Tuesday, the 21st of July; if payment is late, the ransom amount would shoot up to USD 15 million (XMR 216,189).

An interesting thing to note is that the attackers tried to be ironically convenient by even placing links to websites where the company could buy Monero to pay the ransom. The impact, on the other hand, may be a disruption in the day-to-day operations of over 18,000 teams.

Nonetheless, Telecom S.A.’s main services, such as Internet and telephone, have not been affected, reducing the pressure on the company.

Compromised data

The compromised data includes the company’s files on Microsoft Office 365 and OneDrive, along with certain internal elements including customer and field service virtual machines, employee PCs, the company’s CRM (Siebel), and the corporate VPN, which in total could number up to 1000 machines.

According to local media, the ransomware attack took place on Wednesday. There is no confirmation as of now of how the attack occurred, but probable reasons include a compromise of Siebel, the CRM used by the company, which understandably hosts the data of the firm’s clients and would be a valuable target.

The company, meanwhile, has issued a set of recommendations to its employees, asking them to refrain from using the corporate network, to be careful when opening emails, and not to turn off their computers.

To conclude, the ransomware at play isn’t confirmed yet either, but there is strong speculation that it may be the famed REvil ransomware, which has been responsible for a lot of suffering over the past few years.

What companies can learn from this is that perhaps backing up data on multiple sources will always pay off. We’re yet to see how Telecom S.A. responds, though; the updates shall continue.