EDP Renewables North America Confirms Ragnar Locker Attack on Energias de Portugal

Ragnar Locker ransomware, first discovered in December 2019, is known for targeting Managed Service Providers (MSPs). But recently, the ransomware was found targeting a Portuguese multinational energy giant, showing its interest in the energy sector as well.

What happened

The attack on the Portuguese multinational energy giant Energias de Portugal (EDP) began in April 2020, and new details about its impact continued to emerge until July 2020.
  • In June, via a breach notification letter, EDP Renewables North America (EDPR NA) confirmed that its parent corporation Energias de Portugal had experienced a ransomware attack a few months earlier, which had impacted EDPR NA systems as well.
  • In April, Ragnar Locker ransomware operators had targeted the EDP Group and demanded a 1580 BTC ransom ($10.9M or €9.9M).
  • The operators stole over 10 TB of sensitive company files from EDP Group servers and threatened to leak the data if the ransom was not paid. The stolen data included confidential information on billing, contracts, transactions, clients, and partners.

Recent attacks on Energias de Portugal

Cybercriminals have been targeting energy and power sector organizations because this sector holds sensitive intellectual property, attracts large investments, and generates high revenues.
  • In December 2019, hackers launched phishing attacks involving Energias de Portugal for financial gains.
  • In the same month, Lampion malware operators targeted EDP users via phishing campaigns using email templates based on the Portuguese Government Finance & Tax.

Ways to stay secure

Users should not open unsolicited or suspicious attachments or web links received in emails. Avoid using third-party downloaders (and installers) and peer-to-peer networks such as BitTorrent. Scan the operating system for threats regularly using reputable anti-spyware or antivirus software and keep it up to date.