REVil ransomware infected 18,000 computers at Telecom Argentina

Another telco company was hit by a ransomware, roughly 18,000 computers belonging to Telecom Argentina were infected over the weekend.

Telecom Argentina, one of the largest internet service providers in Argentina, was hit by a ransomware attack. Ransomware operators infected roughly 18,000 computers during the weekend and now are asking for a $7.5 million ransom.

The incident took place on Saturday, July 18, it had a severe impact on the company operations. The attackers initially gained access to the company network, then they took control over an internal Domain Admin and used the access to infects thousands of machines.

The incident did not cause connectivity issues to the ISP’s customers, fixed telephony or cable TV services were not affected to.

Many websites operated by Telecom Argentina were taken offline by the attack. The security researcher German Fernandez speculated the involvement of REvil ransomware in the attack against Telecom Argentina.

Immediately after the attack was detected by the internal IT staff, the company warned its employees of not connecting its internal VPN network and avoiding opening emails with suspicious archive attachments.

REvil (Sodinokibi) ransomware gang published a page dedicated to the Telecom Argentina on its dark web payment portal.

The page on the portal shows a ransom demand of 109345.35 Monero coins (approximately $7.53 million). Anyway at the time of writing, the ransomware gang did not include Telecom Argentina in the list of its victims on its dark web leak site. The ransomware operators are threatening the ISP to double the ransom if it will not pay the ransom after three days.

In the past, REVil operators have targeted Pulse Secure and Citrix VPN and enterprise gateway systems as entry points.

Telecom Argentina was not the first ISP targeted by REvil ransomware operators, in May the gang infected systems at Sri Lanka Telecom.

Recently another ISP was hit by a ransomware attack, in early July Orange SA suffered an attack that reportedly exposed the data of 20 of its enterprise customers.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, REVil ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.