Ransomware gang demands $7.5 million from Argentinian ISP

A ransomware gang has infected the internal network of Telecom Argentina, one of the country's largest internet service providers, and is now demanding a $7.5 million ransom to unlock encrypted files.


The incident took place over the weekend, on Saturday, July 18, and is considered one of Argentina's biggest hacks.


Sources inside the ISP said hackers caused extensive damage to the company's network after they managed to gain control over an internal Domain Admin, from where they spread and installed their ransomware payload to more than 18,000 workstations.


The incident did not cause internet connectivity to go down for the ISP's customers, nor did it affect fixed telephony or cable TV services; however, many of Telecom Argentina's official websites have been down since Saturday.

Since the attack's onset, multiple Telecom employees have now also taken to social media to share details about the incident, and how the ISP has been managing the crisis.

According to images shared online, the ISP appears to have detected the intrusion right away and has been actively warning employees through internal alerts to limit their interaction with the corporate network, not to connect to its internal VPN network, and not to open emails containing archive files.




The attackers have also been identified as the REvil (Sodinokibi) ransomware group, according to a now-deleted tweet showing the ransomware gang's dark web portal -- the page where victims are directed to make payments.

This web page currently shows a ransom demand of 109345.35 Monero coins (~$7.53 million), a sum that will double after three days, making this one of the largest ransom demands requested ..
