Telecom Argentina Attacked by REvil Actors; $7.5 Million Demanded in Ransom Amount

Hackers have been infiltrating telecom companies to steal large amounts of personal and corporate data and to establish covert surveillance. Recently, hackers targeted Telecom Argentina to create a higher and far-reaching impact across various services and organizations.


What happened

The use of cryptocurrency has always been in the spotlight for its association with criminality. In this case, the privacy-focused cryptocurrency Monero (XMR) was at the center of a ransomware attack on Telecom Argentina.
  • In mid-July, hackers launched a ransomware attack against Telecom Argentina; employees began noticing trouble accessing the company’s VPN and other databases on 15 July. The attack came through an email attachment laden with REvil ransomware.
  • The attack impacted the daily operations of at least 18,000 staff members, and the company lost access to several Office365 and OneDrive files.
  • Hackers demanded $7.5 million in the privacy coin Monero (XMR) and left a message with links to procure the coins. They also threatened to raise the amount to $15 million (216,189 XMR) if it was not paid by the deadline of July 21.
  • The attack did not have a major impact on the company's services. However, internal systems such as corporate VPN, Citrix, Siebel, Genesys, the Customer and Field Service virtual machines, and internal users’ PCs were affected by the attack.


Attackers targeting telecommunication organizations

Telecommunications businesses are often a gateway into multiple businesses, and by accessing the core infrastructure of telecom companies, cybercriminals can infiltrate the network and collect data.
  • In June 2020, the Gallium group launched a malware infection attack on A1 Telekom, the leading fixed and mobile network operator in Austria.
  • In the same month, Dakota Carrier Network (DCN) became a victim of the Maze ransomware, and the attack exposed its data online.
  • In May 2020, a security lapse in Jio’s COVID-19 symptom checker exposed one of the core databases containing millions of logs and records.


Final thoughts

Malicious actors gain unauthorized access to large amounts of data at telecom firms by exploiting known vulnerabilities or by employing carefully crafted social engineering techniques. These attacks affect not only a company’s databases but also its other interconnected services. Researchers recommend protecting databases and network infrastructure as thoroughly as possible while also backing up data regularly.