GlobalSign Blog

Ransomware Attackers Demand Millions from Telecom Argentina

Ransomware Attackers Demand Millions from Telecom Argentina

There’s been a plethora of big hacks recently, most notably Twitter’s dumpster fire of an attack. Since that story has been the hottest (no pun intended) during the last week or so, you might have missed another significant hack not in the U.S., but in Latin America.

On July 18, top Argentinian telecom provider Telecom Argentina announced that it was the target of a ransomware attack. The attackers demanded nearly $7.5 million from the company paid in Monero, even threatening to raise the ransom to $15 million if they weren’t compensated within three days. 

The hack - which homed in on the company’s call center - enabled the attackers to encrypt up to 18,000 workstations using stolen admin credentials. 

Following the attack, Telecom Argentina advised employees not to connect to its internal VPN network, not open emails containing archive files, and to limit their interaction with the corporate network.

According to El Tribuno, the ransomware was ultimately contained by the Argentinian conglomerate’s IT workers. In a statement issued to the media, the company said:

"Telecom reports that it managed to contain a cyber attack attempt, of global dispersion, on its platforms. No critical services of the company were affected. It should also be noted that no client of the company was affected by this situation, as well as the bases of company data. Customer service efforts, suspended preventively, will be gradually restored."

Attack Impact

Despite impacting thousands of computers connected to the telecom company's internal server, per the company’s statement, a story from report from ZDNet painted a different picture, stating that “sources inside the ISP said hackers caused extensive damage to the company's network.”

In addition, several reports have also claimed that the hackers found their way in after targeting Telecom Argentina's employees with phishing emails and obtaining their login credentials.

Whodunnit?

According to the ZDNet story, the prime suspect was initially thought to be the REvil ransomware gang (A.K.A. Sodinokibi) since the group posted a tweet claiming its responsibility by attaching a screenshot of the website. But then it was deleted a few days later. Also, the mode of entry – a malicious email attachment sent to one of Telecom’s employees – doesn’t fit at all with the tactics used by the gang. Apparently, the group prefers to deploy attacks via network-based intrusions by targeting vulnerabilities within the IT infrastructure. 

So, who is ultimately responsible for this one? It may simply be too early to tell.

Cybersecurity in Latin America 

cybersecurity in Latin America.jpg

According to Insight Crime, while Latin Americans are very connected online, the country may not be fully prepared to counteract cybercrime. 

Charity Wright, an analyst with global cyber threats firm IntSights Cyber Intelligence, said that countries with the largest economies — Brazil, Mexico, Colombia and Argentina — are the most likely to be targeted by hackers because they “have the money, a huge population and are adopting new technology quickly, but at the same time these countries are very much behind the rest of the world in implementing cyber defense mechanisms, regulation and compliance policies across the board.” 

For example, back in February Mexico’s Ministry of Economy was targeted by hackers. It was the second high-profile cyberattack in the country in recent months. In November, hackers demanded nearly $5 million (worth 565 in bitcoin) with a 48-hour deadline to the country’s state-owned oil company, PEMEX. The company was forced to shut down its computers nationwide, as well as freeze payment systems.

In addition, one of the groups directly impacted was Mexico’s tomato farmers. It just so happens the Ministry is responsible for responding to electronic requests sent by tomato producers, so cargo can be exported and the time waiting at the US border is limited. After the attack, the Ministry was forced to establish a mail system so that the farmers could continue their foreign trade.

It COULD Happen to You, So Be Prepared 

It is not yet clear if Telecom Argentina has paid the ransom. But it’s smart to prepare for the possibility that your company is in an attacker’s crosshairs. In a previous GlobalSign post we discussed tips on how to prepare for an attack, including making sure you have a reliable backup and recovery solution implemented. In fact, with those systems in place, the majority of MSPs say their clients fully recover from ransomware attacks. So all is not lost!  

One of the best ways to ward off a major attack is to ensure that your business has strong authentication protocols in place. To protect your enterprise networks, data, and applications, you should consider implementing secure certificate-based and token-based two-factor authentication. Managing these processes doesn’t have to be complicated or labor-intensive, as we cover in our white paper, Decrease Operating Costs and Simplify Management of Digital Certificates

There is no question that in 2020 ransomware attacks are on the rise. Unfortunately, between the increased use of phishing by hackers, and more people than ever working at home, ransomware is not going away anytime soon.  

Share this Post