The Portugese multinational energy giant Energias de Portugal (EDP) is the latest company to fall victim to the RagnarLocker ransomware and the attackers are now asking for a $10.9m ransom to unlock its files.
According to BleepingComputer and MalwareHunterTeam, the attackers claim to have stolen over 10TB of sensitive company files which they are threatening to leak if their ransom demands are not met.
In a post on Ragnarok’s leak site, the attackers explained that it is up to EDP whether the company’s files remain confidential or are made public, saying:
“We had downloaded more than 10TB of private information from EDP group servers. Below just a couple of files and screenshots from your network only as a proof of possession! At this moment current post is a temporary, but it could become a permanent page and also we will publish this Leak in Huge and famous journals and blogs, also we will notify all your clients, partners and competitors. So it’s depend on you make it confidential or public !”
MalwareHunterTeam discovered the RagnarLocker ransomware sample which was used by the cybercriminals who attacked EDP while BleepingComputer found the ransom note and Tor payment page where the attackers provide further details on the decryption process and the amount of the ransom.
The attackers left their ransom note on EDP’s encrypted systems where they were able to steal confidential information on many of the energy giant’s business dealings including its billing, contracts, transactions, clients and partners.
The RagnarLocker ransomware was first discovered at the end of last year when it was seen being used in attacks against compromised networks. The cybercriminals behind it often target software used by managed service providers to prevent their attacks from being detected and blocked.
As of now, it is still unclear as to whether or not EDP will pay the large ransom demanded by the attackers but the company was offered a special price if it reaches out within two days of having its systems encrypted. If EDP fails to pay the ransom, the cybercriminals could deliver on their promise to publicly release the 10TB of sensitive data they obtained in the attack.