Telecom Argentina systems held to ransom for $7.5 million USDollars

As reported in CISO Mag: Telecom Argentina systems were infected with ransomware on 18 July, 2020.The effects of the attack were first noticed when the Telecom’s employees started facing issues and lag in their systems while accessing the company’s VPN (virtual private network). The internal security systems instantly set-off the alarms but not before the ransomware was installed in over 18,000 workstations.

Telecom Argentina also confirmed that none of its dependent services were affected and have asked its employees to look out for malicious email attachments and suspicious activities on its networks as remedial measures.

The Ransomware Attack as it Happened…

• The attack was initiated in the early hours of July 18, 2020.
• It affected more than 18,000 internal systems of Telecom Argentina.
• The ransomware was reportedly targeted at the company’s customer relationship management (CRM) software Siebel, which contains client data.
• Telecom’s internal systems and software including Office365, OneDrive, corporate VPN, Citrix, Genesys, the Customer and Field Service virtual machines were also affected.
• Its users’ internet or telecommunication services were not affected.
• Reports suggest that ReVIL, better known as Sodinokibi ransomware operatorswere behind this attack.
• The operators demanded 109345.35 Monero coins (worth approximately US$7.53 million) as ransom in exchange for the decryption key.

As originally tweeted by Alex Kruger.