The note emerged yesterday on what appears to be a computer connected to Telecom Argentina's internal network.
The note indicates that Telecom's files are encrypted, and can only be salvaged via a "general-decryptor" provided by the attackers themselves. It also specifies that if Telecom Argentina fails to pay the ransom before July 21, the price will increase to $15 million (218,690 XMR).
The attack was clearly sophisticated and well orchestrated: the ransomers even left instructions on how to buy Monero, listing several crypto exchanges, including Kraken. They go as far as to provide "chat support" and an "About Us" page.
Initial reports suggest that no end-users have been affected, and that the attack is limited to Telecom Argentina's internal systems.
A memorandum allegedly issued to Telecom Argentina employees urges against using the network or opening suspicious emails and advises switching off computers until the situation is resolved.
As yet, no ransomware group has claimed responsibility. That said, the attacker's modus operandi appears to be in line with that of "REvil." This particular threat group—and its accompanying ransomware of the same name—favors attacking enterprise networks, denying access to sensitive files until a ransom is paid.
In June, several law firms were struck by a REvil ransomware assault. The attackers posted a repurchase price of $100,000 for a 50GB stash of client data, according to a blog tracking the group. While REvil tends to gravitate toward enterprises, it isn't beneath targeting celebrities such as Madonna, and even President Trump.