Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

REVil ransomware infected 18,000 computers at Telecom Argentina

Another telco company was hit by a ransomware, roughly 18,000 computers belonging to Telecom Argentina were infected over the weekend. Telecom Argentina, one of the largest internet service providers in Argentina, was hit by a ransomware attack. Ransomware operators infected roughly 18,000 computers during the weekend and now are asking for a $7.5 million ransom. […]

Reynolds ransomware uses BYOVD to disable security before encryption ransomware

Another telco company was hit by a ransomware, roughly 18,000 computers belonging to Telecom Argentina were infected over the weekend.

Telecom Argentina, one of the largest internet service providers in Argentina, was hit by a ransomware attack. Ransomware operators infected roughly 18,000 computers during the weekend and now are asking for a $7.5 million ransom.

The incident took place on Saturday, July 18, it had a severe impact on the company operations. The attackers initially gained access to the company network, then they took control over an internal Domain Admin and used the access to infects thousands of machines.

The incident did not cause connectivity issues to the ISP’s customers, fixed telephony or cable TV services were not affected to.

Many websites operated by Telecom Argentina were taken offline by the attack. The security researcher German Fernandez speculated the involvement of REvil ransomware in the attack against Telecom Argentina.

Immediately after the attack was detected by the internal IT staff, the company warned its employees of not connecting its internal VPN network and avoiding opening emails with suspicious archive attachments.

REvil (Sodinokibi) ransomware gang published a page dedicated to the Telecom Argentina on its dark web payment portal.

The page on the portal shows a ransom demand of 109345.35 Monero coins (approximately $7.53 million). Anyway at the time of writing, the ransomware gang did not include Telecom Argentina in the list of its victims on its dark web leak site. The ransomware operators are threatening the ISP to double the ransom if it will not pay the ransom after three days.

In the past, REVil operators have targeted Pulse Secure and Citrix VPN and enterprise gateway systems as entry points.

Telecom Argentina was not the first ISP targeted by REvil ransomware operators, in May the gang infected systems at Sri Lanka Telecom.

Recently another ISP was hit by a ransomware attack, in early July Orange SA suffered an attack that reportedly exposed the data of 20 of its enterprise customers.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, REVil ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]