In brief

  • Hackers compromise the internal network of Argentina's largest Telecommunications firm—holding its data ransom.
  • The firm has until July 21 to pay $7.5 million in the privacy coin Monero or the ransom doubles.
  • The ransomware used appears to be REvil.

Hackers have overtaken the internal network of Argentina's biggest telecommunications service, Telecom Argentina S.A., demanding a $7.5 million ransom to be paid in Monero (XMR).

A screenshot circulating on social media appears to reveal the attackers' demands.

"You have 2 days," reads the ransom note, which demands 109,345 XMR ($7.5 million). "If you do not pay in time the price will be doubled."

The note emerged yesterday on what appears to be a computer connected to Telecom Argentina's internal network.

The note indicates that Telecom's files are encrypted, and can only be salvaged via a "general-decryptor" provided by the attackers themselves. It also specifies that if Telecom Argentina fails to pay the ransom before July 21, the price will increase to $15 million (218,690 XMR).

Monero
XMR
-2.09%$223.87
24H7D1M1YMAX
Created with Highcharts 10.3.3Feb 26Feb 28Mar 2Mar 4Mar 6Mar 8Mar 10Mar 12Mar 14Mar 16Mar 18Mar 20Mar 22Mar 24Mar 26$200$210$220$230$240$190
Price data by
XMR price

Clearly a sophisticated well-orchestrated attack, the ransomers even left instructions on how to buy Monero, offering several crypto exchanges, including Kraken. They even go as far as to provide "chat support" and an "About Us" Page.

Initial reports suggest that no end-users have been affected, and the attack is only limited to Telecom Argentina's internal systems.

A memorandum allegedly issued to Telecom Argentina employees urges against using the network or opening suspicious emails and advises switching off computers until the situation is resolved.

REvil intentions?

As yet, no ransomware group has claimed responsibility. That said, the attacker's modus operandi appears to be in line with that of "REvil." This particular threat group—and its accompanying ransomware of the same name—favors attacking enterprise networks, denying access to sensitive files until a ransom is paid.

Hackers often target cryptocurrency transactions. Image: Shutterstock

Why the Twitter hacker used Bitcoin instead of Monero

Correction: The messages were sent to the hacker's Bitcoin address, rather than from the hacker. The article has been updated where noted. We apologize for the mistake. Yesterday, Twitter was breached and the accounts of several high-profile individuals, including Barack Obama and Joe Biden, tweeted a common Bitcoin scam—that asks you for Bitcoin promising to send some in return, which it doesn’t. [Someone sent several messages to the Bitcoin address owned by the hackers.] They were in the form...

NewsCoins
2 min read
Shaurya Malwa

In June, several law firms were struck by a REvil ransomware assault. The attackers posted a repurchase price of $100,000 for a 50GB stash of client data, according to a blog tracking the group. While REvil tends to gravitate toward enterprises, it isn't beneath targeting celebrities such as Madonna, and even President Trump.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.