Telecom Argentina Has Tuesday Deadline to Pay $7.5m Ransom
A major Argentinian ISP has become the latest organization to be hit by a serious ransomware attack, with cyber-criminals demanding millions in payment by today.
Telecom Argentina is thought to have been compromised last week. One insider posted the purported ransom note to Twitter, as well as what appears to be an online placeholder from the firm.
The firm’s official website is currently down and local reports suggested that employees started having trouble accessing internal VPNs and databases as early as last Wednesday.
As most employees are working from home, the incident appears to be causing major disruption to productivity at the firm, with staff being told not to log on to corporate resources.
Reports on social media suggest the REvil (Sodinokibi) group may be behind the attack. If the firm has not paid by the end of today, the attackers are threatening to double the ransom, to be paid in Monero.
The group is known to have targeted vulnerabilities in Citrix and Pulse Secure remote access systems in the past, although it’s not clear at this stage how they compromised Telecom Argentina.
REvil also often steals data belonging to victim organizations, with the now-common strategy of threatening to release sensitive details unless a ransom is paid. It even claimed to have obtained incriminating details on Donald Trump earlier this year after an attack on New York lawyers Grubman Shire Meise ..