Following a successful hack on top Twitter personalities’ accounts, Argentina’s largest telecommunications company, Telecom S.A., becomes the latest corporation to be hacked. As per reports, Telecom has suffered a ransomware attack with the hackers demanding $7.5 million in Monero (XMR) cryptocurrency to recover the stolen data.
The hack was reported by a new Twitter account, which shows the company has already lost its OneDrive and Office365 access, but clients' accounts and data haven't been affected. Other internal systems are also under attack, including Customer and Field Service (CFS) virtual machines, internal users' PCs, Telecom's VPN, Genesys, and Citrix.
An unconfirmed report by a source in Telecom states that the ransomware targeted the customer relationship management (CRM) software, Siebel, which stores clients' data.
A screenshot from the hack shows that the hackers have set a payment ultimatum of Tuesday, July 21, 2020, or else the figure will double to $15 million.
The hackers have also given elaborate instructions on how to buy and send the privacy-focused XMR tokens.
A short history of the hack
The hack is stated to have started earlier in the week, around Wednesday, when employees of Telecom reported difficulty in accessing the corporate VPN. The ransomware is said to have been transmitted through an email attachment to the company’s systems, as shown in the image below.
Sources close to the matter say close to 18,000 internal computers have been affected after the hackers escalated to Domain privileges.
Some fingers point to the REvil, Sodinokibi, or GandCrab ransomware, created by a financially motivated hacking group, GOLD SOUTHFIELD, as the tool used in the Telecom S.A. attack.
Internal memo on the hack
A leaked memo about the company's response to the hack warned employees against opening unfamiliar attachments, switching off computers, and using the corporate network before a viable solution is implemented.
Another global telco, France's Orange Network, also confirmed a ransomware attack earlier in the month. That attack exposed the data of twenty of its business customers.