Ransomware Criminals Attack Argentine Telecoms Giant, Demand Payout in Monero

A new ransomware attack appears to have hit a telecoms company in Argentina, with privacy-focused asset Monero at the center of the operation. This week, local news source El Periodista reported that hackers had deployed a ransomware attack on Telecom SA, one of Argentina’s largest telecoms companies.

This article first appeared on Inside Bitcoins.

More Than a Network Problem

El Periodista explained that company workers had been complaining of technical issues since Wednesday. They specifically reported problems with their Virtual Private Network (VPN) and the company’s Siebel database network.

Employees had initially believed it was a mere system glitch. However, they got instructions from the tech support team not to open any files and to disconnect from the network.

Although the news source has yet to confirm any ransom requests, noted economist and crypto market analyst Alex Krüger tweeted that day that a group of hackers had demanded $7.5 million in Monero in exchange for the company’s information.

“Argentina’s major telephone company, Telecom, just got hacked. Hackers requesting a ransom of $7.5 million in Monero. $XMR,” Krüger said.

The economist’s tweet came with a screenshot of the hackers’ request and a July 21 deadline for payment. The hackers allegedly added that they would double the fees if the company didn’t pay up by that date.

Krüger added that the Monero connection came from rumors that he saw on WhatsApp. He also pointed out that the hack could have been a corporate one, thus rendering the company’s chances of making a public statement slim.

The Continued Ransomware Wave

Ransomware attacks have increased in prominence this year, with attacks both in the United States and abroad. ZDNet reported on June 7 that the United States Secret Service has warned American corporations to be extra wary of these attacks, as hackers had become more sophisticated in their methods.

The Secret Service particularly warned managed service providers (MSPs) for the private and public sectors. MSPs are service providers that maintain enterprises’ remote management software. They provide systems for file sharing between internal networks, which could also get hosted in cloud infrastructures.

Per the report, hackers had started using ransomware attacks, point-of-sale intrusions, and business email compromise scams to breach MSP customers’ internal networks.

“Due to the fact a single MSP can service a large number of customers, cybercriminals are specifically targeting these MSPs to conduct their attacks at scale to infect multiple companies through the same vector,” the Secret Service warned.

The increasing use of Monero in enterprise system attacks is also becoming more of a concern for industry insiders. Many see the asset as more private than Bitcoin, with lower tracking and oversight risks.

In May, cloud security firm Red Canary reported that the Blue Mockingbird malware gang alone had infected over 1,000 enterprise systems with Monero-mining malware since December 2019.

The report explained that the group’s malware attacks servers that run ASP.NET applications and exploits vulnerabilities to install a web shell on the victim computer. With administrator access, hackers can modify the computer’s server settings. Next, they install the XMRig app to harness the computer’s resources for mining. Red Canary added that most of the computers belong to large companies. However, it didn’t reveal any names.
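
For defenders, the two stages described above (a web shell on an ASP.NET server, then XMRig) leave distinct traces in process-creation logs. The sketch below is an added example, not taken from Red Canary's report. It assumes the ASP.NET application runs under the IIS worker process w3wp.exe; the event fields (modeled on Sysmon Event ID 1), sample events and rule names are constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths regardless of host OS

# Constructed process-creation events (fields modeled on Sysmon Event ID 1).
EVENTS = [
    {"ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\ProgramData\update.exe",  # miner binary under another name
     "CommandLine": "update.exe -o stratum+tcp://pool.example:3333 "
                    "-u WALLET --donate-level 1"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Tools\XMRig.exe",
     "CommandLine": "XMRig.exe --version"},
]

# Interpreters a web application worker has little reason to launch.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe",
          "cscript.exe", "wscript.exe", "rundll32.exe"}
# XMRig pool URL schemes and options; these survive a renamed binary.
MINER_ARGS = re.compile(
    r"stratum\+(tcp|ssl)://|--donate-level\b|--coin[= ]monero", re.I)

def classify(event):
    """Return the set of rule names that one event triggers."""
    hits = set()
    parent = basename(event.get("ParentImage", "")).lower()
    image = basename(event.get("Image", "")).lower()
    if parent == "w3wp.exe" and image in SHELLS:
        hits.add("iis_worker_spawned_shell")  # typical web shell behaviour
    if image.startswith("xmrig") or MINER_ARGS.search(event.get("CommandLine", "")):
        hits.add("xmrig_style_miner")
    return hits

def detect(events):
    """Return (event index, sorted rule names) for every event with a hit."""
    return [(i, sorted(h)) for i, e in enumerate(events) if (h := classify(e))]

if __name__ == "__main__":
    for idx, rules in detect(EVENTS):
        print(idx, rules, EVENTS[idx]["CommandLine"])
```

Matching on command-line arguments as well as the image name matters because a miner is easily renamed, as the third sample event shows.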

 