Major American Agriculture Cooperative Hit by the ‘BlackMatter’ Ransomware Gang
Published on September 21, 2021
Hackers have managed to cripple the systems of Energias de Portugal (EDP) using the Ragnar Locker ransomware strain. EDP is Portugal’s largest electric and gas energy provider, and also a big player in the Spanish, U.S., Brazilian, and South Chinese market. That said, the ransom that the actors are asking for now is naturally a hefty one, set at 1,580 BTC, which is the equivalent of approximately $10.8 million. In addition to locking files, the attackers have also exfiltrated the data, and they are now threatening to leak sensitive documents.
This continues the trend of ransomware actors who are not limited to infecting the victim’s systems but also engage in continual extortion by using stolen files. In this particular case, the actors have seized more than ten terabytes of data, some of which EDP would prefer to keep private. The hackers have even published screenshots of the stolen files to prove that they indeed possess the claimed contracts, billing details, transactions, etc.
They are now threatening to publish the files in various online blogs and journals, while also notifying all of EDP’s clients, partners, and competitors. It is a catastrophic development for the energy giant, who is now forced to negotiate with unreliable crooks. Even if the company decides to pay the ransom, there’s nothing that would guarantee the confidentiality of the stolen data.
The actors plan to leak the stolen files in parts, and from what they unveiled in the published images, they hold password manager databases, employees’ network login credentials, notes, URLs, and other sensitive data that they have neatly bundled in individual packs. As for the ransom note to EDP, this is given below. In it, the actors provide instructions on how to respond to this crisis, offering a secure communication portal via a chat room. EDP’s agents are even advised to be patient, as the actors aren’t in the chat room 24/7.
We are pretty sure that those who determine the cyber-security budget in EDP are now dealing with a blow of regret and contrition, but they should have known better. Ragnar Locker has been attacking large corporations for over four months now, delivered via MSP enterprise support tools like ConnectWise and Kaseya remote management software solutions. EDP had the time to mitigate these risks and should have paid attention to the news when the actors were requesting $200k to $600k. Not doing so will now cost them millions in ransom payments, business disruption, confidential data exposure, and IT systems cleanup.