Ragnar Locker Ransomware Gang Sets Own Record Demanding About $11M From EDP

Delaware, USA – April 15, 2020 – Ragnar Locker ransomware hit Energias de Portugal (EDP), a global energy company and one of the largest producers of wind energy. BleepingComputer reports that the attackers claim to have stolen 10 TB of sensitive data, including employees’ credentials, financial information, and data related to partners and customers. They are using the threat of disclosing the stolen data as additional leverage to force EDP to pay a ransom of 1580 BTC. It is not known how the attackers entered the organization’s network and quietly exfiltrated such a large amount of data. In past attacks, the group compromised Managed Service Providers (MSPs) and used their networks to gain access to systems in the networks of high-profile targets. Ragnar Locker appeared less than six months ago and was created for attacks on enterprises: the ransomware targets multiple processes related to remote management software commonly used by MSPs.

During the COVID-19 pandemic, the number of ransomware attacks on critical infrastructure and the healthcare sector has not decreased, even though such attacks can lead not only to financial losses but also to the loss of human life. Many threat actors use COVID-related phishing emails to deliver malware. Palo Alto Networks reports ransomware attacks on Canadian healthcare organizations in which the attackers spoofed the World Health Organization’s official email address. The U.S. Federal Bureau of Investigation warns about ongoing BEC schemes that exploit the COVID-19 pandemic and target government agencies and healthcare organizations.

In these difficult times, we want to help hospitals and pharmaceutical organizations worldwide strengthen their protection against cyberthreats. Any healthcare organization registered at Threat Detection Marketplace can access 500+ TTP-based phishing detection rules, get free API and Custom Data Schema Mapper access for 2 months, and receive 4 Customer Success sessions to speed up onboarding. Details: https://socprime.com/en/blog/soc-prime-provides-healthcare-organizations-with-free-siem-content-for-covid19-phishing-attacks-detection/