Hackers Hack Telecom Argentina, Demand USD 7.5 Million In Monero

Source: Adobe/adragan

Telecom S.A., the largest telecommunications company in Argentina, has suffered a ransomware attack as hackers demand USD 7.5 million in privacy coin Monero (109,345 XMR) to be paid until the night of Tuesday, July 21. If the company does not meet the deadline, the payable amount will rise to USD 15 million (218,690 XMR).

Per the local news outlet, the attack has not affected users or internet and telephone services provided by Telecom Argentina S.A. Still, the company has reportedly lost access to Office365 and OneDrive files. Other affected internal systems include corporate VPN, Citrix, Siebel, Genesys, the Customer and Field Service virtual machines, and internal users’ PCs.

The attack has likely come through an attachment in an email. According to Twitter user @pablowasserman, the malware targetted company’s customer relationship management (CRM) software Siebel, which contains data from its clients.

In a leaked internal memorandum to employees, the company said it was looking for a viable solution as soon as possible, simultaneously asking its employees to avoid certain behaviors like using the corporate network, open suspicious files or emails from unknown recipients, and turning off computers until the situation is normalized.

Telecom Argentina S.A. is yet to issue an official statement on the situation.

According to local reports, the attack had started as early as Wednesday, when employees began noticing trouble accessing company’s VPN and other databases. Preliminary estimates indicate that the attack may impact daily operations of at least 18,000 teams.

The hackers are asking for a 109,345 XMR (USD 7,500,000) ransom to be paid in privacy coin Monero (XMR) and even left a ransom message with links where to buy it. If the amount is not paid by the night of Tuesday, July 21, it will double to 218,690 XMR (USD 15,000,000).

Hackers Hack Telecom Argentina, Demand USD 7.5 Million In Monero 102
An image of the ransomware leaked to Twitter. Source: Alex Kruger @krugermacro

The malware used in the attack is REvil ransomware, also known as Sodinokibi, which was first detected on April 17, 2019. The malware is used by a financially motivated group GOLD SOUTHFIELD.

Ransomware is a type of malware that aims to encrypt files on infected computers and makes them inaccessible until payment is made. Even when the payment is made, there is no guarantee that the hackers will unlock the files.

The hack happened just a few days after the massive Twitter hack involving Bitcoin, which is now being investigated by the FBI. The incident has prompted discussions on which cryptocurrency is more suitable for scammers – XMR or BTC. Previous month Cryptonews reported how ISIS-affiliated website has switched from accepting Bitcoin donations to Monero due to insufficient privacy measures on the Bitcoin network.

.