Saturday, January 16, 00:01

REvil ransomware: Target the Light SA electricity company


The operators of the REvil ransomware (also known as Sodinokibi) breached the Brazilian electricity company Light SA and are asking for a ransom of 14 million dollars!

The company spoke to a local newspaper, where it confirmed the attack.

Light SA admitted the attack, but did not give many details about the ransomware and the breach. It said only that the attackers used malicious software that encrypted Windows systems.

Researchers at AppGate have analyzed a sample of the malware and linked it to the REvil ransomware.

"Our team had access to the binary that was most likely used in the attack and we were able to confirm that the sample came from the well-known REvil (or Sodinokibi) ransomware," said the analysis published by AppGate. "Although we cannot confirm that this was exactly the same file used in the attack, the evidence shows that it is linked to the breach of Light SA."

The binary has been uploaded to a public sandbox, suggesting that the company's staff is trying to determine the nature of the file.

The "behavior" of the malware is similar to that of other binaries found by researchers in this "family" of ransomware.


The researchers analyzed the ransomware and were able to see some data.

The ransom payment page is hosted on the Tor network. The attackers asked the Light SA electricity company for 106.870,19 XMR (Monero) by June 19. The deadline expired and the Sodinokibi ransomware operators doubled the amount (215882,8 XMR). So the company has to pay about $14 million.

The payment page includes information about the attackers. From there, it is confirmed that the REvil ransomware gang is responsible for the attack.

"The whole attack looks very professional. The page even includes chat support, where the victim can talk directly to the attacker. REvil works as RaaS (Ransomware as a Service) and the team behind the business seems to be connected to Pinchy Spider, which is also behind the GandCrab ransomware," said the researchers.

"During the attack, we noticed that the Light SA website was offline and displayed an error message about the database, which could be related to the attack."

Digital Fortress