The Enel Group, a major European power company, has suffered a ransomware attack. Bleeping Computer reports that the Netwalker gang is responsible and that the attack began on Oct. 19; the attribution rests on the Netwalker ransom note left for the Enel Group, which an independent researcher shared. The gang has threatened to leak stolen data unless the company, which reported revenue of roughly $90 billion in 2019, pays a ransom of $14 million. It is the latest in a string of cyberattacks against municipalities and utilities.
Netwalker has already begun making good on that threat: researchers have found a post on the gang's leak blog filled with screenshots of unencrypted files taken from Enel. These files appear to be the tip of the iceberg, as Netwalker claims to have stolen roughly 5 terabytes of data from the Enel Group. In its communications with the company, the gang said it would "analyze every file for interesting things" and publish accordingly.
The Enel Group has not responded to media requests for comment, including from Bleeping Computer, and at the time of writing it has issued no press release. It is safe to say that the investigation and post-compromise lockdown are being handled on a need-to-know basis.
It seems that the group behind the Enel Group's current ransomware woes is picking up where others failed. Back in June, the company was hit by the Ekans (Snake) ransomware. That attack was deemed unsuccessful because the IT team isolated the malware and purged it before any damage was done. Perhaps, however, that was just a trial run.
It is unknown whether Ekans and Netwalker are working together, but $14 million can be split many ways. Perhaps Ekans was probing the defenses and looking for a hole to exploit later. Alternatively, the Ekans operators may have wanted revenge after failing and hatched a scheme with Netwalker, sharing what they had learned of the internal network in exchange for a cut of the take. Keep in mind this is pure conjecture, but the possibility cannot be ignored.
Either way, this is a serious security breach, and the advantage is on the side of the attackers for now.