Its operators REvil ransomware (also known as Sodinokibi) violated it Brazilian electricity company Light SA and ask for ransom 14 million dollars!
The company spoke to a local newspaper, where it confirmed attack.
Her researchers AppGate have analyzed a sample of malware and linked it to REvil ransomware.
"Our team had access to the binary that was most likely used in the attack and we were able to confirm that the sample came from the well-known REvi l (or Sodinokibi) ransomware," she said. analysis published by AppGate. "Although we cannot confirm that this was exactly the same file used in the attack, the evidence shows that it is linked to infringement of Light SA ”.
The binary has been uploaded to a public sandbox, suggesting that the company's staff is trying to determine the nature of the file.
The "behavior" of malware is similar to that of other binaries that researchers have identified in this "ransomware" family.
The researchers analyzed the ransomware and were able to see some data.
The page on ransom payments is hosted on Tor Network. The hackers they asked the Light SA electricity company 106.870,19 XMR (Monero) until June 19. Η deadline expired and Sodinokibi ransomware operators doubled the amount (215882,8 XMR). So the company has to pay about $ 14 million.
The payment page includes information about the attackers. From there, it is confirmed that she is responsible for her attack is a gang of REvil ransomware.
"It simply came to our notice then professional. The page even includes chat support, where the victim can talk directly to the attacker. REvil works as RaaS (Ransomware as Service) and the team behind the business seems to be connected to it Pinchy Spider, which is located behind and GandCrab ransomwareThe researchers said.