Earlier this week, Energias de Portugal (EDP) was attacked by cybercriminals using the recently unveiled ransomware strain Ragnar Locker. EDP is a multinational organization in the energy sector with a presence in 19 countries, a workforce of 11,500, and a customer base of more than 11 million depending on their energy production. A leader in the field, EDP is counted as one of the largest European gas and electric energy operators and the world’s fourth-largest producer of wind power.
At the time of this writing, however, all of those operations have ceased.
A change in strategy from Ragnar Locker
Ragnar Locker is a virulent new strain of ransomware that was first identified in December 2019. To evade detection, the malware specifically targeted software used by managed service providers (MSPs) including ConnectWise and Kaseya. If not detected, this would open a number of doors for cybercriminals as MSPs unwittingly distributed the strain, themselves.
In this latest attack, the cybercriminals deploying Ragnar Locker have changed strategies and directly infiltrated the EDP network – a major target, given its global footprint and the pressure the company would receive to quickly and quietly pay the ransom to get operations up and running again. Whether EDP caves to that pressure and pays to have their systems decrypted – an option cybersecurity experts don’t recommend – remains to be seen.
The EDP ransomware attack
As part of this week’s attack, cybercriminals claim to have accessed EDP group servers and downloaded more than 10 TB of sensitive company files including employee login names, accounts, URLs, notes, and a KeePass password manager database. As proof, the attackers included a link in their ransom note that shows a sample of stolen files and screenshots of more all of which, they threaten, will be published and distributed to EDP’s clients, partners, and competitors if their ransom isn’t paid.
Based on the screenshots, these cybercriminals stole confidential information related to billing, contracts, transactions, clients, and partners. They’re demanding 1,580 bitcoins, about $11 million, to unlock this data. That’s more than 18 times the highest Ragnar Locker ransom news breaker Bleeping Computer has seen before, suggesting a level of confidence from the cybercriminals that they can expect a payday.
How Acronis could have helped
Acronis Cyber Protection solutions combine industry-leading data protection services with innovative AI-based cybersecurity technology to ensure that cyberthreats, including emerging strains like Ragnar Locker, are detected and stopped before they can do damage.
As Topher Tebow, a cybersecurity analyst at Acronis’ Arizona Cyber Protection Operations Center shared in the video above, “this is a huge company and huge damage that could have been easily stopped by Acronis Active Protection,” the AI- and ML-based anti-malware feature found in many of Acronis Cyber Protection solutions.
By constantly analyzing program behavior for unexpected or unusual actions, scanning existing backup files, and allowing users to establish custom program whitelists and blacklists, Acronis Active Protection has stopped more than 487,000 cyberthreats and today provides protection and peace of mind to more than 373,000 individual users, professional users, service providers, and more.
Final Thoughts
With the ongoing, unprecedented COVID-19 pandemic, users are spending more time on digital devices and businesses are forced to spread their network farther and into less secured environments. Cybercriminals like those who attacked EDP are well aware of these changes and are well prepared to exploit them. Make sure your data, applications, and systems are protected in these uncertain times with a new, modern approach to malware detection and elimination.
Defend your systems at home and at work with Acronis Active Protection found in solutions and services for all use cases:
- Acronis Cyber Backup: The world’s most reliable and easy to use backup for businesses of all sizes combines data protection best practices with comprehensive cybersecurity to ensure that all of the data, applications, and systems your organization relies on are defended.
- Acronis Cyber Cloud: A unified cyber protection platform designed to equip service providers with a full range of cyber protection solutions to fit the needs of their clients including backup and recovery, disaster recovery, file sync and share, anti-malware, and more.
- Acronis True Image: Combining reliable backup with proven anti-malware technology, this cyber protection solution for personal users effectively protects home devices, mobile devices, tablets, and more.
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.