Major Argentine Telecom Falls Victim to $7.5M Monero Ransomware Attack

Argentina’s largest telecommunications company has fallen victim to a $7.5 million ransomware attack.
Telecom, Argentina’s largest telecommunications company, has fallen victim to a ransomware attack. Hackers are demanding $7.5 million in Monero (XMR) — an amount that will rise to $15 million if the company does not pay within 48 hours.

“Argentina’s major telephone company, Telecom, just got hacked. Hackers requesting a ransom of $7.5 million in Monero. $XMR” — Alex Krüger (@krugermacro) July 19, 2020

According to El Tribuno, the ransomware attack, which specifically affected Telecom’s call center, took place on July 18. The ransomware was ultimately contained by the Argentinian conglomerate’s IT workers. In a statement issued to outlets, the company elaborated:

“Telecom reports that it managed to contain a cyber attack attempt, of global dispersion, on its platforms. No critical services of the company were affected. It should also be noted that no client of the company was affected by this situation, as well as the bases of company data. Customer service efforts, suspended preventively, will be gradually restored.”

The attack does not seem to have affected services provided by the company such as landlines, mobile phones or the internet.

An alleged well-known ransomware gang behind the attack

ZDNet quotes sources inside the ISP who say that the attack caused “extensive damage” to Telecom’s network. They claim the hackers successfully deployed their ransomware to more than 18,000 workstations across the company.

The report also adds that the REvil ransomware gang, also known as Sodinokibi, could be behind the attack: the hackers posted a tweet claiming responsibility and attaching a screenshot of the website, but it was deleted at some point between July 19 and 20.

However, the hackers’ point of entry was a malicious email attachment sent to one of Telecom’s employees, which doesn’t fit at all with the tactics used by the gang. REvil often deploys its attacks via network-based intrusions, targeting vulnerabilities within the IT infrastructure.

Sites hosted by Telecom Argentina are back after the incident

As of press time, most of the official websites belonging to Telecom are back online after the downtime that followed the attack.

One of the most prominent tweets is an image of a seemingly official company statement in which it acknowledges the attack and lists a series of recommendations for its employees to follow.

“’Massive incident’ Telecom IT Support message to some of the workers. #Ransomware” — GuyWithAMask (@GuyWithAMask4) July 19, 2020

Telecom Argentina didn’t provide further information to local outlets about the incident. It is unknown whether it plans to pay the ransom.

REvil said on June 24 that it will auction over 1 terabyte of data stolen from entertainment law firm Grubman Shire Meiselas & Sacks. This data allegedly contains the “dirty” secrets of a number of celebrities.

This was syndicated from and originally written by our friends Felipe Erazo at