Hacker group Ragnarok recently stole up to 10TB of data belonging to Portuguese energy giant EDP and is now threatening to leak the stolen data if a ransom of $10.9 million is not paid by the company.
In an update posted on its website, the hacker group said that it is completely up to EDP whether the company’s data remains confidential or goes public.
"We have downloaded more than 10TB of private information from EDP group servers. Below are just a couple of files and screenshots from your network, only as proof of possession! At this moment the current post is temporary, but it could become a permanent page, and we will also publish this leak in huge and famous journals and blogs, and notify all your clients, partners and competitors. So it depends on you whether to make it confidential or public!" the post read.
Hackers affiliated with Ragnarok obtained EDP's contracts, billing, transaction and client details after deploying the RagnarLocker ransomware on the company's network. They also left a ransom note on the EDP systems they encrypted, the same systems from which they collected the confidential data.
In December last year, RagnarLocker was used in attacks that specifically targeted software commonly used by managed service providers, in order to prevent the attackers' activity from being detected and stopped.
As of now, it is unclear whether EDP will pay the ransom demanded by the cyber criminals. The attackers, however, have offered a discounted amount if EDP agrees to pay within two days. If EDP does not pay, the hackers could make good on their threat and release the 10TB of stolen data to the public.
Commenting on the ransomware attack, Joseph Carson, Chief Security Scientist at Thycotic, told TEISS that EDP has fallen victim to the RagnarLocker ransomware variant, which is being used to steal and encrypt sensitive data, so that even if the victim is able to restore the data from a backup, the adversary threatens to publicly leak the stolen data, which can result in both brand and financial damage.
“Recently Travelex in the UK fell victim to the Sodinokibi ransomware with a similar attack method: pay, or the data will be destroyed and leaked publicly. This ultimately led to Travelex services being offline for more than two weeks, and it has now emerged that Travelex paid the cybercriminals $2.3 million, which essentially finances future cybercrime.
Companies must secure privileged access to prevent ransomware attacks from succeeding
“At this time it is not known which approach EDP will take, how many of their services are unavailable, or whether they have a planned and tested incident response plan. Companies need to change their approach to ransomware rather than trying to recover after an incident, especially during these chaotic times, with many employees working from home leaving more companies at risk. The best approach to reduce the risk is for companies to adopt the principle of least privilege, which effectively stops most ransomware. Controlling and securing privileged access, as well as applying the principle of least privilege, is an effective measure for reducing the risks from ransomware attacks,” he added.
Sam Curry, chief security officer at Cybereason, also told TEISS that if the hackers were able to steal sensitive and confidential information on partners, billing procedures, contracts and other proprietary information, EDP's focus needs to be on doing everything humanly possible to secure that data. Having backups of their files and resuming regular business operations is low on the priority list during the first 24-48 hours of incident response.
“It is my hope that EDP has this situation under control, and that other companies use this news as a wake-up call to immediately engage around-the-clock threat hunting services in order to root out suspicious behaviour before it becomes catastrophic. Companies can no longer rely solely on maintaining backup copies of files and security hygiene to keep crime actors at bay. Lastly, organisations should deploy advanced anti-ransomware technology to prevent the effective execution of ransomware and help make cyber crime a less profitable and attractive business,” he added.