RagnarLocker ransomware operators attacked Energias de Portugal energy holding and demand a ransom of 10 million euros

The Bleeping Computer magazine reported that at the beginning of this week, ransomware RagnarLocker attacked the Portuguese multinational company Energias de Portugal.

RagnarLocker ransomware operators claim that during the attack they stole more than 10 TB of confidential files from the company, and now they threaten to “dump” them into open access if the ransom is not paid.

“As a warning, attackers have already released the edpradmin2.kdb file, the KeePass password manager database. In this database you can find information about usernames, passwords, accounts, URLs and notes of employees of Energias de Portugal”, – report Bleeping Computer journalists.

According to the ransom note left in the company’s systems, the attackers also managed to steal confidential information about billing, contracts, transactions, customers and partners of Energias de Portugal.

The publication also reports that RagnarLocker operators mocked the company’s employees through a “chat for customers”, which hackers use to communicate with their victims.

In particular, the attackers asked the victims to read the article about the company on the site where the leaks are published, and asked if the company was ready to find its personal information in the news, technical blogs and on stock exchange resources.

Representatives of Energias de Portugal assured Bleeping Computer reporters that this attack did not affect the company’s critical infrastructure and energy supply:

“On Monday, April 13, EDP was the victim of a computer attack on a corporate network, which is an important part of our services and operations. However, the power supply services and critical infrastructure of the company were not compromised, and we continue to work as usual. The situation is currently being assessed, and a number of teams are already engaged in restoring the normal functioning of the systems. At the moment, we are not aware of the alleged ransom demand, we only saw this information, which was published in the media.”

EDP said it was already collaborating with authorities who were immediately notified of the incident, and was trying to determine the source and nature of the attack.

Recall that large industrial companies are at risk of ransomware attacks: for example, last year, Swiss company Aebi Schmidt stopped production because of ransomware virus attack, as well as media holdings and municipal structures. Moreover: ransomware attacks pose a threat even to the upcoming US elections.

If you are reading this material, you may need to think again about how much your data is protected.