REvil ransomware group hacks into Telecom Argentina and infects 18,000 computers; demands $7.5 million ransom from Argentinian ISP
The dreaded REvil ransomware group has infected 18,000 workstations of Argentina’s top Internet Service Provider, Telecom Argentina. The REvil ransomware group was earlier responsible for hacking and infecting the New York City celebrity law firm Grubman Shire Meiselas & Sacks and the Tillamook County web servers. REvil’s ransoms figure among the 10 most expensive ever paid by infected parties.
The REvil ransomware group, also known as the Sodinokibi ransomware group, infected the internal network of Telecom Argentina and has demanded a $7.5 million ransom to unlock the encrypted files and refrain from leaking the exposed data. The infection took place on July 18, 2020 and has since crippled Telecom Argentina’s internal network.
The attack is considered one of the biggest hacking attacks carried out in Argentina and caused extensive damage to Telecom Argentina’s internal servers. REvil hackers managed to gain control over an internal Domain Admin account of Telecom Argentina. Using this domain admin account, they infected all 18,000 connected workstations with REvil/Sodinokibi ransomware. Telecom Argentina used a Citrix VPN, which is vulnerable to the CVE-2019-19781 security bug. REvil hackers could have used this vulnerability to gain access to the company’s internal Domain Admin account.
Thankfully, the Internet connections, cable TV services, and fixed telephone services of Telecom Argentina didn’t go down as the ransomware didn’t infect the external servers. However, many of Telecom Argentina’s official websites have been down since the infection took place.
As soon as the REvil ransomware group infected the Telecom Argentina servers, they posted a screenshot of various files on their dark web website. On this website, the group demanded 109345.35 Monero coins (approx. $7.50 million) for decrypting the files and not leaking the exposed files. The website also states that if the company fails to pay the $7.50 million within three days, the ransom doubles to $15 million, making this one of the largest ransom demands in a ransomware attack this year.
This is also the REvil ransomware group’s second attack against a major ISP. Earlier in May, it hacked into the servers of Sri Lanka Telecom and infected them with ransomware. Telecom Argentina has not commented on the ransomware infection, nor has it said whether it intends to pay the ransom.