A ransomware attack hit Telecom Argentina, one of the largest internet service providers in Argentina, infecting roughly 18,000 computers. The company, according to the latest reports, is also being asked for a $7.5 million ransom.
The incident, which occurred on Saturday, July 18, had a negative effect on the company operations. The hackers first gained access to the company network, then they took control over an internal Domain Admin and used the access to affect thousands of machines.
The attack got many websites operated by Telecom Argentina offline, with security researcher German Fernandez conjecturing the involvement of REvil ransomware against Telecom Argentina.
Soon after the attack was spotted by the internal IT staff, the company cautioned its employees of not connecting its internal VPN network and avoiding opening emails with doubtful archive attachments.
REvil ransomware gang published a page devoted to the Telecom Argentina on its dark web payment portal.
The page on the portal displays a ransom demand of 109345.35 Monero coins, but the ransomware gang did not include Telecom Argentina in the list of its victims on its dark web leak site. The ransomware operators are threatening the ISP to double the ransom if it does not pay the ransom after three days.
Telecom Argentina was not the first ISP targeted by REvil ransomware operators. In May the gang infected systems at Sri Lanka Telecom as well.