Hackers attack Telecom Argentina and ask for USD 7.5 million in Monero

This Saturday night, hackers attacked Telecom Argentina, with a malicious software (ransomware). They are asking for 7.5 million dollars in Monero (XMR). Most notably, it knocked out their customer service systems.

One local media reported that the hackers asked for 7.5 million dollars in the Monero crypt currency, a digital currency very similar to Bitcoin. But, it offers a higher level of security and anonymity for users and their transactions.

Hackers attacked Telecom Argentina

The hackers behind a failed ransomware attack demanded $7.5 million in monero (XMR). To allow infected computers to return to normal operations.

According to unidentified Telecom S.A. employees, the company’s network was under attack for up to 72 hours. As a result, it affected employees‘ access to its virtual private network (VPN) and various databases.

Rumors of a crypto-currency rescue first began circulating on Twitter on Saturday. After economist and renowned crypto-twitter commentator Alex Kruger tweeted that hackers were demanding a $7.5 million privacy-focused crypto-cash.

The tweet, which includes an image indicating that the hackers, threatened to double the ransom to $15 million if it was not paid within 48 hours.

City is paralyzed by hackers demanding Bitcoin
Report of the attack

The ransomware attack specifically affected the Telecom call center. Even so, ransomware was eventually contained by the IT workers of the Argentine conglomerate. In a statement issued to the local media, the company reported

„Telecom reports that it managed to contain an attempt at a cyber attack, of global dispersion, on its platforms“.

It added: „The company’s critical services were not affected. Definitely, none of the company’s clients were affected by this situation, nor were the company’s databases. Equally important, customer service efforts, preventively suspended, will be gradually restored“.

Similarly, the attack does not appear to have affected the services provided by the company, such as landlines, mobile phones or the Internet.

In the same vein, they claim that the hackers successfully implemented their ransomware, on more than 18,000 workstations across the company.

The report also adds that the ransomware gang REvil, or Sodinokibi, could be behind the attack. Since the hackers posted a tweet claiming responsibility, they attached a screenshot of the website. But, it was removed sometime between July 19th and 20th.

In fact, since the hackers‘ entry point was a malicious email attachment sent to one of the Telecom employees. It doesn’t fit in at all with the tactics used by the gang.