In brief
- Hackers compromise the internal network of Argentina's largest Telecommunications firm—holding its data ransom.
- The firm has until July 21 to pay $7.5 million in the privacy coin Monero or the ransom doubles.
- The ransomware used appears to be REvil.
Hackers have overtaken the internal network of Argentina's biggest telecommunications service, Telecom Argentina S.A., demanding a $7.5 million ransom to be paid in Monero (XMR).
A screenshot circulating on social media appears to reveal the attackers' demands.
"You have 2 days," reads the ransom note, which demands 109,345 XMR ($7.5 million). "If you do not pay in time the price will be doubled."
Argentina's major telephone company, Telecom, just got hacked. Hackers requesting a ransom of $7.5 million in Monero. $XMR pic.twitter.com/AGNvAXh1cg
— Krüger (@krugermacro) July 19, 2020
The note emerged yesterday on what appears to be a computer connected to Telecom Argentina's internal network.
The note indicates that Telecom's files are encrypted, and can only be salvaged via a "general-decryptor" provided by the attackers themselves. It also specifies that if Telecom Argentina fails to pay the ransom before July 21, the price will increase to $15 million (218,690 XMR).
Clearly a sophisticated well-orchestrated attack, the ransomers even left instructions on how to buy Monero, offering several crypto exchanges, including Kraken. They even go as far as to provide "chat support" and an "About Us" Page.
Initial reports suggest that no end-users have been affected, and the attack is only limited to Telecom Argentina's internal systems.
A memorandum allegedly issued to Telecom Argentina employees urges against using the network or opening suspicious emails and advises switching off computers until the situation is resolved.
REvil intentions?
As yet, no ransomware group has claimed responsibility. That said, the attacker's modus operandi appears to be in line with that of "REvil." This particular threat group—and its accompanying ransomware of the same name—favors attacking enterprise networks, denying access to sensitive files until a ransom is paid.
In June, several law firms were struck by a REvil ransomware assault. The attackers posted a repurchase price of $100,000 for a 50GB stash of client data, according to a blog tracking the group. While REvil tends to gravitate toward enterprises, it isn't beneath targeting celebrities such as Madonna, and even President Trump.