Friday, October 23, 03:27

REvil ransomware targets the Light SA electricity company


The operators of the REvil ransomware (also known as Sodinokibi) breached the Brazilian electricity company Light SA and are demanding a ransom of 14 million dollars!

The company spoke to a local newspaper, where it confirmed the attack.

Light SA admitted the attack, but did not give many details about the ransomware or the breach. It said only that the attackers used malicious software that encrypted Windows systems.

Researchers at AppGate have analyzed a sample of the malware and linked it to the REvil ransomware.

"Our team had access to the binary that was most likely used in the attack and we were able to confirm that the sample came from the well-known REvil (or Sodinokibi) ransomware," says the analysis published by AppGate. "Although we cannot confirm that this was exactly the same file used in the attack, the evidence shows that it is linked to the Light SA breach."

The binary has been uploaded to a public sandbox, suggesting that the company's staff is trying to determine the nature of the file.

The malware's behavior is similar to that of other binaries that researchers have identified in this ransomware family.


The researchers analyzed the ransomware and were able to see some data.

The ransom payment page is hosted on the Tor network. The hackers asked the Light SA electricity company for 106.870,19 XMR (Monero), to be paid by June 19. The deadline expired and the Sodinokibi ransomware operators doubled the amount (215882,8 XMR). So the company has to pay about $14 million.

The payment page includes information about the attackers. It confirms that the REvil ransomware gang is responsible for the attack.

"It simply came to our notice then professional. The page even includes chat support, where the victim can talk directly to the attacker. REvil works as RaaS (Ransomware as a Service) and the team behind the business seems to be connected to Pinchy Spider, which is also behind the GandCrab ransomware," the researchers said.

"It simply came to our notice then: the Light SA website was offline and displayed a database error message, which could be related to the attack."
