Argentine telecom company hit by major ransomware attack

Telecom Argentina says it has contained the attack and regained access to its systems without paying up

Telecom Argentina, one of the country’s largest Internet Service Providers (ISPs), has suffered a major ransomware attack, according to a local report. The cybercriminals behind the attack demanded US$7.5 million in Monero cryptocurrency to unlock the encrypted files, but the company claims that it has restored access to its systems and that it hasn’t caved in to the extortionists’ demands.

The attack, which took place over the weekend, apparently didn’t have a sizeable impact on services provided by the company – the internet connection didn’t go down, nor were the landlines or any of its other services disrupted. However, there was some impact on systems that provide remote customer service.

The payload was delivered in an email attachment that was downloaded and opened by one of the employees. Ultimately, the attackers hijacked an internal Domain Admin account and used it to spread the infection to over 18,000 workstations. Having spotted the infiltration, the company sent out an internal communication to its customer service employees about the incident.

The notice, which was later also shared by employees on various social media platforms, urged staff to minimize access, including through VPN, to the corporate network. The employees were also told not to open emails from unknown addresses and to turn off any compromised computers immediately.

According to ZDNet, the company was hit by S ..