Thursday, August 6, 08:33

REvil ransomware: Light SA electricity company targeted


The operators of the REvil ransomware (also known as Sodinokibi) breached the Brazilian electricity company Light SA and are demanding a ransom of 14 million dollars!

The company spoke to a local newspaper and confirmed the attack.

Light SA admitted the attack but did not give many details about the ransomware and the breach. It said only that the attackers used malicious software that encrypted Windows systems.

Researchers at AppGate have analyzed a sample of the malware and linked it to the REvil ransomware.

"Our team had access to the binary that was most likely used in the attack and we were able to confirm that the sample came from the well-known REvil (or Sodinokibi) ransomware," says the analysis published by AppGate. "Although we cannot confirm that this was exactly the same file used in the attack, the evidence shows that it is linked to the Light SA breach."

The binary has been uploaded to a public sandbox, suggesting that the company's staff is trying to determine the nature of the file.

The behavior of the malware is similar to that of other binaries that the researchers have identified in this ransomware family.


The researchers analyzed the ransomware and were able to see some data.

The ransom payment page is hosted on the Tor network. The hackers demanded 106,870.19 XMR (Monero) from the Light SA electricity company by June 19. The deadline expired and the Sodinokibi ransomware operators doubled the amount (215,882.8 XMR), so the company has to pay about $14 million.

The payment page includes information about the attackers, which confirms that the REvil ransomware gang is responsible for the attack.

"It simply came to our notice then professional. The page even includes chat support, where the victim can talk directly to the attacker. REvil works as RaaS (Ransomware as a Service) and the team behind the business seems to be connected to Pinchy Spider, which is also behind the GandCrab ransomware," the researchers said.

"It simply came to our notice then the Light SA website was offline and displayed an error message about the database, which could be related to the attack."
