Last Updated on 30/07/2020 by TheDigitalHacker
EDP Renewables North America, a subsidiary of the Portuguese energy giant EDP, confirmed that a Ragnar locker ransomware attack has occurred which has affected the parent company. Talking about the company’s profile, so the EDP group mostly focuses on the energy generation and its activities related to its distribution. Currently, the company has a workforce of over 11,500 employees and serves a customer base of 11 million.
Confirmation of Ragnar Locker ransomware attack
On April 13, 20, the EDPR NA’s agreed that they experienced a data breach attack on their databases. In a letter sent to the customers, the company apologized for the instance, but it still insisted that no evidence for the leakage of confidential data has been found.
Officials oF EDPR NA said that for the first time on May 8, 2020, they found that unauthorized third parties were accessing their computers. After this, the company started investigating all possible data that might have got accessed or leaked in the attack for which they had found no evidence that any kind of personal day was obtained during the attack.
In the letter, the firm exclaimed that “However, we are notifying you out of an abundance of caution because EDPR NA has in its information systems some of your personal information, including your name and Social Security number.”
$10 million Ransome demanded
According to Bleeping Computer, the ransomware used in the attack seems to be Ragnar Locker, which is known for targeting big corporate organizations than the public accounts. The forensic experts described the technique used in which the Virtual machines are used to load the malware, which allows you to bypass the current security system.
According to sources, the ransomware demanded 1580 Bitcoin, which counts to approximately $10 million. The attackers claimed to have accessed 10 TB of data from the systems, and for proof, they can decrypt some of the files for free.
The attackers threatened that in case of denying to the deal by the firm, they would make the sensitive personal data or make it public, which includes data regarding transactions, billing, contracts, clients, and many more.