- Argentina’s largest telephone company has been hacked. The hackers are now demanding a ransom of $7.5 million in Monero (XMR).
- Sociedad Licenciatario Norte S.A, commonly referred to as Telecom, is the largest telephone service company in Argentina.
- The REvil ransomware, also known as Sodinokibi, is suspected.
A few hours ago, Telecom users began flooding Twitter with posts indicating that Argentina’s largest telephone company had been hit by ransomware. The hackers are now demanding a ransom of $7.5 million in Monero (XMR).
— Alex Krüger (@krugermacro) July 19, 2020
Ransomware Affected The Office365 And OneDrive Files Of The Employees
Sociedad Licenciatario Norte S.A, commonly referred to as Telecom, is the largest telephone service company in Argentina, so its falling victim to ransomware is a matter of serious concern. However, it has been reported that no users and none of the landline, cell phone or internet services have been affected. The hackers attacked Windows hardware owned by Telecom, which is the main reason the service networks were not affected. The ransomware appears to have particularly affected the OneDrive and Office365 files on the computers of Telecom staff. Right now all the affected files are encrypted, and the hackers are demanding a ransom of $7.5 million in Monero, which will be doubled to $15 million if it is not paid within the next 48 hours.
Staff Were Unable To Access Company’s VPN
Employees reported that they were having trouble using the company’s VPN before the ransomware attack on the company was confirmed. They also said that the Siebel system, through which they access the Personal, Arnet, Telecom and Fibertel databases, was working badly. It is suspected that the attack may have been delivered as an email attachment sent to one of the company’s employees. Telecom’s technical team immediately advised the operators not to open any such files or emails and to disconnect from the servers at once.
REvil Ransomware Suspected In The Attack
Some sources have said that it may be the REvil ransomware, which is also known as Sodinokibi. REvil was discovered a year ago and was used by GOLD SOUTHFIELD, a group known for distributing this kind of ransomware through vulnerabilities, exploit kits and exposed RDP servers. It has not been confirmed that the malware is Sodinokibi, but it is strongly suspected. As of now, it is estimated that almost 18,000 computers have been affected and extensively exploited by the hackers.
— GuyWithAMask (@GuyWithAMask4) July 19, 2020
One of the most significant tweets included a screenshot of an official message sent by Telecom to its employees, listing some recommendations that they must follow to overcome this unprecedented ransomware attack.