RagnarLocker ransomware operators attacked Energias de Portugal energy holding and demand a ransom of 10 million euros

The Bleeping Computer magazine reported that at the beginning of this week, ransomware RagnarLocker attacked the Portuguese multinational company Energias de Portugal.

Now the attackers are demanding a ransom of 1580 BTC (10.9 million dollars or 9.9 million euros).

RagnarLocker ransomware operators claim that during the attack they stole more than 10 TB of confidential files from the company, and now they threaten to “dump” them into open access if the ransom is not paid.

“As a warning, attackers have already released the edpradmin2.kdb file, the KeePass password manager database. In this database you can find information about usernames, passwords, accounts, URLs and notes of employees of Energias de Portugal”, – report Bleeping Computer journalists.

According to the ransom note left in the company’s systems, the attackers also managed to steal confidential information about billing, contracts, transactions, customers and partners of Energias de Portugal.


Energias de Portugal is a transnational holding company that produces distributes and delivers electricity across networks and markets, and also purchase and delivers to the markets natural gas. Energias de Portugal is the largest manufacturing company in Portugal, as well as one of the largest wind power producers in the world. The company is represented in 19 countries and on 4 continents, has more than 11,500 employees and provides energy to more than 11 million customers.

The publication also reports that RagnarLocker operators mocked the company’s employees through a “chat for customers”, which hackers use to communicate with their victims.

In particular, the attackers asked the victims to read the article about the company on the site where the leaks are published, and asked if the company was ready to find its personal information in the news, technical blogs and on stock exchange resources.

RagnarLocker attacked Energias de Portugal

Representatives of Energias de Portugal assured Bleeping Computer reporters that this attack did not affect the company’s critical infrastructure and energy supply:

“On Monday, April 13, EDP was the victim of a computer attack on a corporate network, which is an important part of our services and operations. However, the power supply services and critical infrastructure of the company were not compromised, and we continue to work as usual. The situation is currently being assessed, and a number of teams are already engaged in restoring the normal functioning of the systems. At the moment, we are not aware of the alleged ransom demand, we only saw this information, which was published in the media.”

EDP said it was already collaborating with authorities who were immediately notified of the incident, and was trying to determine the source and nature of the attack.

Recall that large industrial companies are at risk of ransomware attacks: for example, last year, Swiss company Aebi Schmidt stopped production because of ransomware virus attack, as well as media holdings and municipal structures. Moreover: ransomware attacks pose a threat even to the upcoming US elections.

If you are reading this material, you may need to think again about how much your data is protected.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button