On Saturday, Telecom suffered a ransomware attack that shut down its customer service systems; in total, the hackers asked for $7.5 million to release the keys that restore access to the affected computers; the company, however, says it was able to neutralize the attack without paying the ransom.
Without affecting customers
The spread of the malicious code affected the computers of the teams that provide remote customer service (and that use special software for this), and not the subscribers of Telecom, Personal or Fibertel, as confirmed by the company, which explained that the attack was contained during the afternoon and evening yesterday, and then customer services were gradually restored.
What is ransomware
Ransomware is a malicious application that, when activated, encrypts files and locks them with a key. Sometimes it searches for specific files or applications, sometimes it does it randomly (or tries to do it with the entire hard drive). Encrypting them means “mixing” their content (the data bits that make the program work) in such a way that the application or document becomes useless; only with a key (a password) can this data be reverted to its original state.
With ransomware, the attacker always demands a ransom in exchange for the password that will decrypt those files or programs, which are usually vital to the attacked company (hence the “ransom” in the name). The best-known case is the one that in 2017 affected companies around the world and paralyzed ports and power plants in Europe.
Payment in cryptocurrency
In the case of the attack on Telecom, the attackers asked for a payment of 7.5 million dollars in Currency, a cryptocurrency that has a strong focus on anonymity; the ransomware message said the amount would double to 15 million in 48 hours.
Telecom says that it did not pay the demanded amount and that, as has happened in attacks on other companies, it found a way to break the ransomware’s encryption and regain access to its software.
In a statement, the company reported that “it managed to contain an attempt by a globally dispersed cyber attack on its platforms. No critical services of the company were affected. It should also be noted that no client of the company was affected by this situation, as well as the company’s databases. Customer service efforts, suspended preventively, were gradually restored.”