Hackers Attack Telecom Argentina, Demand USD 7.5m In Monero

Eimantas Žemaitis
Last updated: | 2 min read

Telecom S.A., the largest telecommunications company in Argentina, has suffered a ransomware attack as hackers demand USD 7.5m ir privacy coin monero (XMR) to be paid until the night of Tuesday, July 21. If the company does not meet the deadline, the payable amount will rise to USD 15 million (XMR 216,189).

Source: Adobe/adragan

The hackers are not only demanding the ransom to be paid in XMR but also left a message with links where to buy this privacy coin.

An image of the ransomware leaked to Twitter. Source: Alex Kruger @krugermacro

Per the local news outlet, the attack has not affected users or internet and telephone services provided by Telecom Argentina. Still, the company has reportedly lost access to Office365 and OneDrive files. Other affected internal systems include corporate VPN, Citrix, Siebel, Genesys, the Customer and Field Service virtual machines, and internal users’ PCs.

The attack has likely come through an attachment in an email, according to speculations on social media. Twitter user @pablowasserman said that the malware targeted company’s customer relationship management (CRM) software Siebel, which contains data from its clients.

In a leaked internal memorandum to employees, the company said it was looking for a viable solution as soon as possible, simultaneously asking its employees to avoid certain behaviors like using the corporate network, open suspicious files or emails from unknown recipients, and turning off computers until the situation is normalized.

Telecom Argentina S.A. is yet to issue an official statement on the situation.

According to local reports, the attack had started as early as Wednesday, when employees began noticing trouble accessing company’s VPN and other databases. Preliminary estimates indicate that the attack may impact daily operations of at least 18,000 teams.

The malware used in the attack is REvil ransomware, also known as Sodinokibi, which was first detected on April 17, 2019. The malware is used by a financially motivated group GOLD SOUTHFIELD.

Ransomware is a type of malware that aims to encrypt files on infected computers and makes them inaccessible until payment is made. Even when the payment is made, there is no guarantee that the hackers will unlock the files.

The hack happened just a few days after the massive Twitter hack, which is now being investigated by the FBI.

Meanwhile, in June, Cryptonews.com reported that ISIS-affiliated website has switched from accepting donations in bitcoin (BTC) XMR due to insufficient privacy measures on the Bitcoin network.

Reactions

.

__
This article was edited for clarity and space at 05:00 UTC.