The multinational company Enel Group is affected for
the second time this year by Ransomware. In this case, the group that carried out
the attack is Netwalker, which demands a ransom of 1234.02380000 Bitcoins that
equate to 14 millions of dollars in order to obtain the decryption key for
the files and, In addition, so that the group does not release the stolen data.
The company Enel is one of the largest in the European
energy sector, It has more than 61 millions of customers in more than 40
different countries. The company had already received at the beginning of June of this same
year an attack on its internal network by the Snake ransomware, this attempt was
detected before the malware could spread, controlling the attack.
Un investigador de seguridad informática compartió con
BleepingComputer el 19 de octubre lo que parecía una nota de rescate de Netwalker
hacía el grupo Enel. En esta nota de rescate había añadido una URL la cual
mostraba los datos que este grupo había conseguido robar con el ataque. Basándose
en estos datos robados se pudo determinar que el ataque fue contra el grupo
Enel.
Unos días después de la noticia de BleepingComputer, the
propio grupo Netwalker confirmo las sospechas, la víctima era el grupo Enel, after
de confirmarlo agregaron un mensaje a su chat de soporte, donde indicaban al
grupo Enel que tenían que ponerse en contacto con ellos para recuperar los
data.
En este tipo de ataques por norma general si la victima no
se pone en contacto con el operador de rescate, the price to pay for the ransom
doubles after some time. It seems that this has happened to the Enel group, in
a screenshot provided by the attacker shows how the
company has not responded to the attacker's conversation.
The attacker used the support chat to make this
contact and added in this channel to Enel that they would start the first step towards the
leak of the stolen data. This leak serves to show that
they have the stolen data and in this way put pressure on the victim to
pay the ransom for the data.
According to Netwalker, this past week the data
stolen from Enel amounts to 5 terabytes of data and is ready to
publish part of the content in a week. In addition, they added that they are
analyzing each file for interesting things and would publish the result
on their leak site.