Serviceteam IT Security News

Telecom Argentina says it has contained the attack and regained access to its systems without paying up

Telecom Argentina, one of the country’s largest Internet Service Providers (ISPs), has suffered a major ransomware attack, according to a local report. The cybercriminals behind the attack demanded US$7.5 million in Monero cryptocurrency to unlock the encrypted files, but the company claims that it has restored access to its systems and that it hasn’t caved in to the extortionists’ demands.

The attack, which took place over the weekend, apparently didn’t have a sizeable impact on services provided by the company – the internet connection didn’t go down, nor were the landlines or any of its other services disrupted. However, there was some impact on systems that provide remote customer service.

The payload was delivered in an email attachment that was downloaded and opened by one of the employees. The attackers ultimately hijacked an internal Domain Admin account and used it to spread the infection to over 18,000 workstations. Having spotted the intrusion, the company sent out an internal communication to its customer service employees about the incident.

The notice, which was later also shared by employees on various social media platforms, urged staff to minimize access, including through VPN, to the corporate network. The employees were also told not to open emails from unknown addresses and to turn off any compromised computers immediately.

According to ZDNet, the company was hit by Sodinokibi (aka REvil) ransomware, a threat also described in ESET’s recent Threat Report. Besides demanding payment to unlock access to the files, the operators of Sodinokibi are known to ramp up pressure on victims by threatening to dump their sensitive information online.

In recent years, the ransomware scourge has affected organizations of all sizes, including small businesses, healthcare providers and city governments. In 2018, the US city of Atlanta was struck by an especially costly ransomware attack.

An executive audience could benefit from perusing ESET’s white paper on how enterprises can mitigate the risks of ransomware attacks. In recent years, the Remote Desktop Protocol (RDP) has become an increasingly popular attack vector for ransomware-wielding gangs, who typically brute-force their way into a poorly secured network, elevate their privileges to admin level, disable or uninstall security solutions, and then run ransomware to encrypt crucial company data.

Source: HERE
