This Saturday night hours, hackers attacked Telecom Argentina, with malicious software (ransomware). They are asking for $ 7.5 million in Monero (XMR). Most notably, it has shut down its customer service systems.
A local outlet reported that hackers asked for $ 7.5 million in the Monero cryptocurrency, a digital currency very similar to Bitcoin. But, it offers a higher level of security and anonymity for users and their transactions.
Hackers attacked Telecom Argentina
The hackers behind a failed ransomware attack demanded $ 7.5 million in monero (XMR). To allow infected computers to return to normal operations.
According to unidentified Telecom S.A. employees, the company’s network was under attack for up to 72 hours. As a result, it affected employees’ access to their virtual private network (VPN) and various databases.
Rumors of a cryptocurrency bailout first started circulating on Twitter on Saturday. After the economist and renowned crypto commentator twitter Alex KrugerHe tweeted that hackers were demanding a $ 7.5 million privacy-focused cryptocurrency Monero.
The tweet includes an image indicating that hackers threatened to double the ransom to $ 15 million if it was not paid within 48 hours.
The ransomware attack specifically affected Telecom’s call center. Even so, the ransomware was finally contained by the IT workers of the Argentine conglomerate. In a statement issued to the local media, the company reported:
“Telecom reports that it managed to contain a cyber attack attempt, of global dispersal, on its platforms.”
Adding: “The company’s critical services were not affected. Definitely, no client of the company was affected by this situation, as well as the databases of the company. Equally important, customer service efforts, preemptively suspended, will be gradually restored“
Likewise, the attack does not appear to have affected the services provided by the company, such as landlines, mobile phones or the Internet.
In the same vein, they claim that hackers successfully deployed their ransomware on more than 18,000 workstations across the company.
The report also adds that the REvil ransomware gang, or Sodinokibi, could be behind the attack. Since hackers posted a tweet claiming their liability, attaching a screenshot from the website. But, it was removed sometime between July 19-20.
In fact, as the hackers’ entry point was a malicious email attachment sent to one of the Telecom employees. It doesn’t fit at all with the tactics used by the gang.
Sites hosted by Telecom Argentina are back after the incident
So far, most of the official websites belonging to Telecom are now online. After a period of inactivity suffered after the attack.
Telecom Argentina did not provide further information to the local media about the incident. It is unknown if he plans to pay the ransom.