Portuguese Energy Company Hit with Ragnar Locker Ransomware; Attackers Demand $10 Million to Decrypt the Data

Ransomware operatives this week attacked Portuguese energy giant Energias de Portugal (EDP) and are threatening to leak the company’s data online if EDP refuses to pay the ransom.

Cybercriminals using the Ragnar Locker ransomware claim to have stolen 10 terabytes of sensitive company files before encrypting them on EDP’s end. They are now threatening to leak all the stolen data unless a 1580 BTC ($10.9 million) ransom is paid.

Like other ransomware gangs, the team behind the EDP attack uses a “leak” site to announce its attacks and its plans to leak data if its demands aren’t met. As evidence that they are holding EDP’s information hostage, the hackers show a portion of a database export with EDP employees’ login names, passwords, accounts, URLs, and notes. The leak also includes confidential information on billing, contracts, transactions, clients, and partners.

“And be assure that if you wouldn’t pay, all files and documents would be publicated for everyones view and also we would notify all your clients and partners about this leakage with direct links,” reads the ransom note. “So if you want to avoid such harm for your reputation, better pay the amount that we asking for.”

The ransomware features an embedded RSA-2048 key and drops custom ransom notes, according to BleepingComputer.

Starting this year, ransomware operators are turning their attacks into full-fledged data breaches, threatening to publish the stolen data if the ransom is not paid. The trend was started by the infamous Maze Team at the end of 2019. Seeing how the method yields more payments, rival ransomware groups have adopted the technique, hoping to increase their chances of getting paid.