Argentina’s telecom company faces $7.5M Monero ransom in major cyberattack

The largest telecommunications company in Argentina could be forced to shell out a Monero ransom worth $7.5 million following a major ransomware attack on its systems last week.

Monero’s privacy feature has proven to be its strength as well as its weakness. On the one hand, it is lauded for being one of the very few cryptos that keep users’ information private. On the other, it has seen increasing use as a ransom currency in cyberattacks.

Today, as public pressure against this anonymous currency mounts amid rising hacks and money laundering activities, several cryptocurrency exchanges continue to delist the coin from their platforms.

Argentina’s telecom company under attack

Now, reports have emerged that an Argentinian telecom services provider, Telecom Argentina S.A., is facing a severe cyberattack that has crippled its systems by targeting the company’s VPN, Citrix, Siebel, Genesys, and several employees’ PCs.

What was initially assumed to be merely an IT performance issue later turned out to be a major ransomware attack, with users unable to connect to the help desk. Employees were asked not to access any files or emails and even to disconnect terminals from the system.

A probe revealed that the attack was activated through an email attachment, following which the firm’s customer relationship management (CRM) system became unresponsive. Although the attack has not affected users’ access to their mobile connections or data, it has targeted the internal systems that contain sensitive information, said the reports.

Pay up $7.5M Monero ransom, or hackers double the stakes

On July 18, a Twitter user posted that hackers are demanding a Monero ransom worth millions of dollars from the company, with a deadline of July 21, if it wishes to regain control of its network systems. The hackers went a step further and left a link explaining how and where to buy it. If Telecom Argentina fails to meet this deadline, the ransom amount will be increased to over $15 million.

In its official memorandum to its employees, the firm has cautioned them against accessing the affected corporate network, accessing emails, or opening an unverified attachment, and has told them to shut systems off completely until the issue is resolved. It has assured its users that it is currently working on a practical solution to the problem.

Meanwhile, a further probe has revealed that the malware used was a form of REvil ransomware, which came into the limelight earlier this year with a relatively unknown and coercive tactic to make victims pay up their Monero ransom demand. In January, the attackers launched an auction site that threatened to sell victims’ sensitive information online if they decided not to give in to the demand.
