Energy Company EDP Confirms Ragnar Locker Ransomware Attack
EDP Renewables North America (EDPR NA) confirmed a Ragnar Locker ransomware attack that affected the systems of its parent corporation, the Portuguese multinational energy giant Energias de Portugal (EDP), BleepingComputer reported.
In a letter sent to customers, the energy company apologized for the incident but insisted that there is “no evidence” that consumer information was compromised or stolen.
The firm delivers energy to over 11 million customers and operates in 19 countries.
EDP experienced a ransomware attack on April 13. EDPR NA learned of the ransomware infection “for the first time” from its parent company on May 8.
“Attackers had gained unauthorized access to at least some information stored on the company’s own information systems,” the letter reads. “Since then, EDPR NA has worked diligently and on an expedited basis to identify the individuals potentially affected by this incident.”
EDPR NA says that customers need to be aware of the incident as the business stores customer names and Social Security numbers, although payment card information was not included in the potential data breach.
“EDPR NA takes seriously both the security of your personal information and this incident. In response to this incident, we have taken steps to enhance the security for your personal information, such as implementing new IT processes and login requirements, including multi-factor verification, to limit the likelihood of a recurrence.” – EDPR NA
The $10 Million Ransom
As discovered at the time, the attackers asked EDP Group to pay a ransom of 1580 bitcoins (the equivalent of more than $10 million or €9.9 million) for a decryptor and to prevent the public leak of more than 10 TB of data allegedly stolen from the group’s servers.
According to the ransom note dropped on EDP’s encrypted systems, the attackers were able to steal confidential information on billing, contracts, transactions, clients, and partners.
The attack was confirmed by an EDP spokesperson in an email statement to BleepingComputer on April 16, although the company said that it had “no knowledge of this alleged ransom demand” and it wasn’t yet seen as a ransomware attack.
Ragnar Locker ransomware was first detected in attacks in late December 2019. The Ragnar Locker operators are known for targeting software routinely used by managed service providers (MSPs) to keep their attacks from being detected and blocked.
Companies now treat ransomware attacks as data breaches and report them as such, because most ransomware operations, including Maze, REvil (Sodinokibi), Netwalker, DoppelPaymer, CLOP, Ragnar Locker, Nephilim, and Ako, have started stealing information from compromised networks before encryption.
Most companies that fall victim to ransomware now also offer free identity theft protection and credit monitoring to affected clients and employees, so that they are alerted if their data is used for fraud.