Its operators REvil ransomware (also known as Sodinokibi) violated it Brazilian electricity company Light SA and ask for ransom 14 million dollars!
The company spoke to a local newspaper, where it confirmed attack.
Her researchers AppGate have analyzed a sample of malware and linked it to REvil ransomware.
"Our team had access to the binary that was most likely used in the attack and we were able to confirm that the sample came from the well-known REvi l (or Sodinokibi) ransomware," she said. analysis published by AppGate. "Although we can not confirm that this was exactly the same file used in the attack, the evidence shows that it is linked to the infringement of Light SA ”.
The binary has been uploaded to a public sandbox, suggesting that the company's staff is trying to determine the nature of the file.
The "behavior" of the malware is similar to that of other binaries found by researchers in this "family" of ransomware.
The researchers analyzed the ransomware and were able to see some data.
The page on ransom payments is hosted on Tor Network. The hackers they asked the Light SA electricity company 106.870,19 XMR (Monero) until June 19. Η deadline expired and Sodinokibi ransomware operators doubled the amount (215882,8 XMR). So the company has to pay about $ 14 million.
The payment page includes information about the attackers. From there, it is confirmed that she is responsible for her attack is a gang of REvil ransomware.
"The whole attack looks great professional. The page even includes chat support, where the victim can talk directly to the attacker. REvil works as RaaS (Ransomware as Service) and the team behind the business seems to be connected to it Pinchy Spider, which is located behind and GandCrab ransomware", Said the researchers.