[MART] - Daily Diary #590 - One More Brazilian Energy Company Hit by Ransomware

ctas-mat at appgate.com
Wed Sep 7 18:55:18 UTC 2022


Hello,

I hope everyone is doing well!

Below is the entry for today.

09/07/2022 - Diary entry #590:

This week Lockbit added a new entry to their wall-of-shame for Eneva, a Brazilian energy company that operates in the exploration of oil and natural gas and the commercialization of electric energy. In the entry, along with a countdown ending on September 20th, they claim to have stolen more than 1TB of data, including "finance, plans for the future, legal information, accounting, marketing, insurance and much more." Lockbit, covered in several of our Daily Diaries, is one of the most dangerous ransomware families currently active. Operating under the ransomware-as-a-service model, they publish a new victim on their wall-of-shame almost every day.

This is not the first time a Brazilian energy company has been affected by ransomware. In mid-2020 we covered REvil's (a.k.a. Sodinokibi) attack on Light S.A. in a blog post (https://www.appgate.com/blog/electric-company-ransomware-attack-calls-for-14-million-in-ransom). At the time, the criminals demanded a ransom payment of $14 million USD. At the beginning of 2021 both Copel and Eletrobras, two major electrical utility companies in Brazil, were affected by Darkside, which also stole more than 1TB of data.

Companies in the energy sector tend to have a large infrastructure with many systems connected to the same network. It's also not uncommon for many of those systems to be outdated, running legacy versions of software and operating systems. Because they provide a sensitive type of service that must recover from incidents as quickly as possible at all costs, they are a prime target for ransomware attacks. Companies of this size must invest heavily in network segmentation, isolating their important assets from external access and limiting the damage of cybersecurity incidents. Sensitive systems that must run legacy software should be kept off the network whenever possible, so that they are not exposed to unauthorized access.

Kind Regards,

MART

Malware Analysis and Research Team

Appgate

E: ctas-mat at appgate.com
