Telecom SA, the largest telecommunications company in Argentina, has suffered a ransomware attack in which hackers are demanding USD 7.5 million in the privacy currency Monero (109,345 XMR), to be paid by the night of Tuesday, July 21. If the company does not meet the deadline, the amount to be paid will rise to USD 15 million (XMR 218,690).
According to local media, the attack has not affected users or the Internet and telephone services provided by Telecom Argentina SA. However, the company has reportedly lost access to Office365 and OneDrive files. Other affected internal systems include the corporate VPN, Citrix, Siebel, Genesys, Customer and Field Service virtual machines, and internal users' PCs.
The attack probably arrived through an email attachment. According to the Twitter user @pablowasserman, the malware targeted the company's Siebel customer relationship management (CRM) software, which contains customer data.
In a leaked internal memo to employees, the company said it was looking for a viable solution as soon as possible, while asking its employees to avoid certain behaviors, such as using the corporate network, opening suspicious files or emails from unknown senders, and turning off computers, until the situation returns to normal.
Telecom Argentina SA has not yet issued an official statement on the situation.
According to local reports, the attack started on Wednesday, when employees began noticing problems accessing the company's VPN and other databases. Preliminary estimates indicate that the attack may affect the daily operations of at least 18,000 computers.
The hackers are asking for a ransom of 109,345 XMR ($7,500,000) to be paid in the Monero privacy currency (XMR), and even left a ransom message with links showing where to buy it. If the amount is not paid by the night of Tuesday, July 21, it will double to 218,690 XMR (USD 15,000,000).
The malware used in the attack is the REvil ransomware, also known as Sodinokibi, which was first detected on April 17, 2019. The malware is used by a financially motivated group, GOLD SOUTHFIELD.
Ransomware is a type of malware that aims to encrypt files on infected computers and make them inaccessible until payment is made. Even when payment is made, there is no guarantee that hackers will unlock the files.
The hack occurred just days after the massive Twitter hack involving Bitcoin, which is now being investigated by the FBI. The incident has sparked discussions about which cryptocurrency is best suited for scammers: XMR or BTC. The month before, it was reported that an ISIS-affiliated website had switched from accepting Bitcoin donations to Monero due to insufficient privacy measures on the Bitcoin network.
… Meanwhile someone hacked Telecom Argentina and asks for Monero. Not bitcoin. https://t.co/cCCiOdivgB
– твой таможенный союзник (@pyrzqxgldg) July 19, 2020
Congrats on this. Seriously. @fluffypony https://t.co/ioxruEewrT
– Samson Mow (@Excellion) July 19, 2020
So is this a competition? Who has the better scams / hacks? 😅
– Emzy (₿⚡️) (@emzy) July 19, 2020