CertiK: Argentinian telecommunications company was hacked and was extorted for $7.5 million
CertiK
Guest columnist
2020-07-22 03:27
Argentina's largest phone company hit by ransomware. Is the hacker group that once threatened to expose the Trump scandal the biggest threat to cybersecurity?

If China Mobile or China Telecom were hacked one day, it would surely feel like a modern version of the end of the world...

Your first reaction would probably be: the network is down, the signal is gone, and you are essentially cut off from the world.

On July 19, 2020, Beijing time, a number of users began posting on Twitter, speculating that Argentina's largest telephone company had been hit by ransomware. Shortly afterwards, cryptocurrency analyst Alex Krüger tweeted that this was true.

Event background

Sociedad Licenciatario Norte SA, also known as "Telecom SA", is the largest telephone service company in Argentina.

In this incident, the ransomware targeted Windows-based systems and services such as OneDrive and Office 365 on staff computers; customers' landline, mobile phone and Internet services were not affected.

Before the ransomware attack on the company was confirmed, some employees found that the company's VPN was inaccessible and that the Siebel system used to access the Personal, Arnet, Telecom and Fibertel databases was malfunctioning.

Based on this, there has been speculation that the malware may have reached an employee as an email attachment. Telecom's technical team immediately advised staff to disconnect from the server and not to open any such files or emails.

Analysis of the extortion incident

After the ransomware incident, some analysts said that the attack came from the REvil ransomware.

REvil ransomware is also known as Sodinokibi. In the first half of this year alone there were nearly ten extortion incidents attributed to REvil. The group threatened to expose the legal files of dozens of world-famous music and film stars (including Lady Gaga, Elton John, Robert DeNiro and Madonna), and even issued a statement that if its ransom demands were not met, it would expose Trump's scandal. The group has been in the cybersecurity spotlight for carrying out a string of similar ransomware attacks.

Even the currency exchange company Travelex revealed that after it was attacked by REvil ransomware on January 11, 2020, it paid nearly $2.3 million in bitcoin to the hackers.

So far, nearly 18,000 Telecom computers have been compromised. Although there is currently no evidence that the Telecom extortion incident was carried out by REvil, REvil remains the prime suspect.

The screenshot shows a notice sent officially by Telecom to its employees, setting out recommendations and requirements that staff must follow to get through this ransomware attack.

Ironically, the attackers even included a direct link to a website where Monero can be purchased to pay the ransom.

Security advice

In recent years, the most harmful cybersecurity threats have ranged from ransomware and cryptomining, the most frequent attacks, to phishing, the most damaging. Every security incident is a reminder of how much security matters. Ransomware works whether it arrives through a phishing attack on employees or through an unsecured RDP (Remote Desktop Protocol) endpoint.

According to preliminary estimates, the attack affected the daily operations of at least 18,000 computers. Although that number is huge, a large enterprise can still absorb it. This is not the case for small and medium-sized enterprises, which lack the security budget and skills and are more likely to be the main targets of ransomware; once extorted, such a company may well be brought down entirely.

The CertiK security team believes that employees' poor security habits, including reusing and sharing passwords, clicking on links or attachments in unsolicited emails, and using pirated software, create serious security risks. Individuals and organizations therefore need to adopt sound security measures and provide relevant security training for employees in order to improve network resilience and defensive capability. Where an enterprise cannot meet these security requirements on its own, it should promptly engage a third-party security team for tailored security services and the establishment of a security system.
