Telecom, the largest telecommunications company in Argentina, has fallen victim to a ransomware attack. The hackers are demanding $7.5 million in Monero (XMR), an amount that will rise to $15 million if the company does not pay within 48 hours.
El Tribuno reported that the ransomware attack, which specifically affected Telecom’s call center, took place on July 18, and that the ransomware was ultimately contained by the Argentinian conglomerate’s IT workers.
The company explained:
“Telecom reports that it managed to contain a cyber attack attempt, of global dispersion, on its platforms. No critical services of the company were affected. It should also be noted that no client of the company was affected by this situation, as well as the bases of company data. Customer service efforts, suspended preventively, will be gradually restored.”
The attack does not seem to have affected services provided by the company, such as landlines, mobile phones, or the Internet.
ZDNet quotes sources inside the ISP who say that hackers caused “extensive damage” to Telecom’s network. They claim that the hackers successfully deployed their ransomware to more than 18,000 workstations across the company.
The report added that the REvil ransomware gang, also known as Sodinokibi, could be behind the attack, as the hackers posted a tweet claiming responsibility and attached a screenshot of the website, but it was deleted at some point between July 19 and 20.
However, the hackers’ point of entry was a malicious e-mail attachment sent to one of Telecom’s employees, which doesn’t fit at all with the tactics used by the gang, as it often deploys its attacks through network-based intrusions that target vulnerabilities within the IT infrastructure.
Most of the official websites belonging to Telecom are now back online after the downtime that followed the attack.
According to the report, one of the most prominent tweets contains an image of a seemingly official company statement in which the company acknowledges the attack and lists a series of recommendations for its employees to follow.
Telecom Argentina did not provide any further information to local media outlets about the incident.