Multinational utility company Energias de Portugal (EDP) falls victim to Ragnar Locker ransomware.
The attack took place on Easter Monday (13 April), with the attackers claiming to have stolen 10 terabytes of sensitive company files. The perpetrators warned they’d release or sell the data if a $10.9 million ransom isn’t paid within a 20 day deadline.
Hackers left their demands on EDP’s encrypted systems after supposedly stealing confidential information including recent transactions, contracts and billing details. In addition, they’ve also gained access to EDP employees’ account details and passwords.
2020-04-14:🆕🔥#RagnarLocker (!Ragnarok) #Ransomware🔒— Vitali Kremez (@VK_Intel) April 14, 2020
🇵🇹Extorting Energias de Portugal Group for 10 Mil Euro
🔦Remote Service Killer (Prevent Easy Recovery) + Backup & Database:
LogMein | ConnectWise | Splashtop| Pulseway
h/t @malwrhunterteam pic.twitter.com/1TzagS8pUZ
EDP Group is one of Europe’s biggest energy companies, with a presence in 19 countries across four continents. It employs more than 11,500 staff and operates 26 GW of wind power. This makes it the fourth-largest producer of wind energy in the world.
It accepts its systems had been compromised but that critical infrastructure wasn’t affected. In a statement, the company also denied all knowledge of any ransom demand.
“EDP was the target of a computer attack on its corporate network this Monday, April 13th, which conditioned part of its services and operations.
“The power supply service and critical infrastructure, however, have never been compromised and we continue to ensure this operation as normal.
“EDP is working with the authorities, that were immediately notified of the attack to identify the origin and anatomy of the attack. At this moment, we have no knowledge of this alleged ransom demand. We have only seen this information disclosed in the media, which we cannot verify.”
– Media statement from EDP Group
Ragnar Locker was first discovered by cybersecurity experts at the end of 2019. The ransomware targets software used by managed service providers (MSPs), which makes it difficult to detect and block.
Cybersecurity And Energy Grids
Portugal isn’t the first country where energy infrastructure is targeted by cybercriminals. Ukraine’s power grid was hit in both 2015 and 2016. While last summer saw Johannesburg Electricity Company struck down by a ransomware attack.
Earlier this year, TÜV Rheinland warned about the growing cyber threat and how the rise in smart devices could expose weaknesses in critical systems.