Telecom Argentina hit by $7.5m Monero ransomware attack

Hackers have overtaken the internal network of Argentina's biggest telecommunications service, Telecom Argentina S.A., demanding a $7.5 million ransom to be paid in Monero (XMR).

A screenshot circulating on social media appears to reveal the attackers' demands.

"You have 2 days," reads the ransom note, which demands 109,345 XMR ($7.5 million). "If you do not pay in time the price will be doubled."

The note emerged yesterday on what appears to be a computer connected to Telecom Argentina's internal network.

The note indicates that Telecom's files are encrypted, and can only be salvaged via a "general-decryptor" provided by the attackers themselves. It also specifies that if Telecom Argentina fails to pay the ransom before July 21, the price will increase to $15 million (218,690 XMR).

XMR

+1.32%$227.28

---

24H7D1M1YMAX

Price data by

XMR price

Clearly a sophisticated well-orchestrated attack, the ransomers even left instructions on how to buy Monero, offering several crypto exchanges, including Kraken. They even go as far as to provide "chat support" and an "About Us" Page.

Initial reports suggest that no end-users have been affected, and the attack is only limited to Telecom Argentina's internal systems.

A memorandum allegedly issued to Telecom Argentina employees urges against using the network or opening suspicious emails and advises switching off computers until the situation is resolved.

REvil intentions?

As yet, no ransomware group has claimed responsibility. That said, the attacker's modus operandi appears to be in line with that of "REvil." This particular threat group—and its accompanying ransomware of the same name—favors attacking enterprise networks, denying access to sensitive files until a ransom is paid.

Why the Twitter hacker used Bitcoin instead of Monero

Correction: The messages were sent to the hacker's Bitcoin address, rather than from the hacker. The article has been updated where noted. We apologize for the mistake. Yesterday, Twitter was breached and the accounts of several high-profile individuals, including Barack Obama and Joe Biden, tweeted a common Bitcoin scam—that asks you for Bitcoin promising to send some in return, which it doesn’t. [Someone sent several messages to the Bitcoin address owned by the hackers.] They were in the form...

In June, several law firms were struck by a REvil ransomware assault. The attackers posted a repurchase price of $100,000 for a 50GB stash of client data, according to a blog tracking the group. While REvil tends to gravitate toward enterprises, it isn't beneath targeting celebrities such as Madonna, and even President Trump.