BlackCat Returns: Colombian Energy Supplier EPM Hit with Ransomware
Ransomware attacks have reached an all-time new high in 2021 and they kept increasing the following year. Companies are now aware of most of the malicious operators, particularly those behind BlackCat. Well, apparently, awareness is not enough to avoid such attacks as BlackCat has recently taken over Colombian energy supplier (EPM)’s files.
BlackCat surfaces every now and then, but don’t let its absence fool you. The threat actors behind this ransomware don’t settle for small companies. Instead, they target those that make incredible yearly revenue.
Speaking of, EPM made over 25 billion dollars in revenue during this year, which explains why it fell on BlackCat’s radar. How did the threat actors manage such an attack? How much is the ransom? Find out below.
BlackCat Strikes, Full-on Energy
As we mentioned, BlackCat’s targets are always companies with reputable names in their respective industries.
With Empresas Públicas de Medellín being one of Colombia’s largest public energy, water, and gas providers, it’s no brain-scratcher that the malicious group is interested in its money.
The news of the breach came in the form of a statement from the company to its employees. Nearly 4000 of them were asked to work remotely as the IT infrastructure was down, along with the unavailability of the company’s websites.
EPM managed to inform its customers about this cybersecurity incident, but it did not stop its operations. In fact, in an issued disclosure statement, EPM provided alternatives in which their customers can pay for its services.
BlackCat ransomware operation, aka ALPHV, has claimed the attack. Below, you can the ransom note from the EPM attack:
According to the note, the stolen data includes employees’ personal information, a complete network map, private financial information, as well as manufacturing documents.
For a company as big as EPM, that’s a lot of information to be out in the open, especially if the threat actors decided to sell it on the dark web.
The ransomware gang uses a tool that goes by the name of ‘ExMatter’ – a data-theft tool that allows them to exfiltrate the victims’ files and upload them into BlackCat’s servers.
Then, the cybercriminals sort the data into several folders that start with “EPM.” The image below shows exactly how the files are uploaded:
These types of attacks are getting out of control. Usually, they end up with a ransom that goes up to 1 Bitcoin. With a company of EPM’s caliber, we’re pretty sure the threat actors are going to ask for a lot.
BlackCat Drains EPM’s Energy
The problem with ransomware is that a lot of companies know about its existence, but fail to avoid it. Even big companies around the world that specialize in tech fell victim in the end.
Yes, none other than Samsung disclosed breaches in the past. So, the question is: If these companies cannot circumvent these attacks, what can be done?