Energy giant EDP hit with RagnarLocker ransomware
Attackers demand a $10.9m ransom or they'll leak the company's sensitive files
The Portugese multinational energy giant Energias de Portugal (EDP) is the latest company to fall victim to the RagnarLocker ransomware and the attackers are now asking for a $10.9m ransom to unlock its files.
According to BleepingComputer and MalwareHunterTeam, the attackers claim to have stolen over 10TB of sensitive company files which they are threatening to leak if their ransom demands are not met.
In a post on Ragnarok's leak site, the attackers explained that it is up to EDP whether the company's files remain confidential or are made public, saying:
- SNAKE ransomware looks to encrypt an entire business network
- FBI: Over $140 million handed over to ransomware attackers
- New York wants to ban paying ransomware demands
"We had downloaded more than 10TB of private information from EDP group servers. Below just a couple of files and screenshots from your network only as a proof of possession! At this moment current post is a temporary, but it could become a permanent page and also we will publish this Leak in Huge and famous journals and blogs, also we will notify all your clients, partners and competitors. So it’s depend on you make it confidential or public !"
RagnarLocker ransomware
MalwareHunterTeam discovered the RagnarLocker ransomware sample which was used by the cybercriminals who attacked EDP while BleepingComputer found the ransom note and Tor payment page where the attackers provide further details on the decryption process and the amount of the ransom.
The attackers left their ransom note on EDP's encrypted systems where they were able to steal confidential information on many of the energy giant's business dealings including its billing, contracts, transactions, clients and partners.
The RagnarLocker ransomware was first discovered at the end of last year when it was seen being used in attacks against compromised networks. The cybercriminals behind it often target software used by managed service providers to prevent their attacks from being detected and blocked.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
As of now, it is still unclear as to whether or not EDP will pay the large ransom demanded by the attackers but the company was offered a special price if it reaches out within two days of having its systems encrypted. If EDP fails to pay the ransom, the cybercriminals could deliver on their promise to publicly release the 10TB of sensitive data they obtained in the attack.
- We've featured the best ransomware protection.
- Also check out the best cloud antivirus for business.
Via BleepingComputer
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.