A group of hackers claims to have stolen nearly 5 TB of data from Enel, but the company is keeping its lips sealed
The Enel Group, an Italian and international leader in electricity production, is under hacker attack again. To be precise, it is a "ransomware" attack: the NetWalker virus was infiltrated into the company's network and encrypted about 5 terabytes of confidential data. The hackers have demanded a ransom of 14 million dollars to decrypt the files and are threatening to make their contents public.
Enel Group has made no statement on the matter, while the hackers are talking, and a great deal: specifically on the blog dedicated to the NetWalker malware, which is published on the Dark Web and is accessible through the TOR browser. The post in which the attackers announce that they have hacked Enel's network was discovered by the Italian cybersecurity company TG Soft, which announced it on Twitter. In June 2020, Enel had already been attacked with another piece of malware, Snake, which is also ransomware. This time the hackers have also published several screenshots showing the folders of encrypted files, from which it is possible to guess what data was attacked.
Enel encrypted data: what it contains
The Enel data under attack is of two types. The first is a long list of folders that appear to contain data related to the group's power plants, such as those in Augusta (SR), Bari, Bastardo (PG), Brindisi, Fusina (VE), and many others in Italy and abroad (in Greece, France, Romania), along with a folder called "Dossier Impianti". The second is another series of folders that appear to contain data not related to energy production but more strictly corporate data.
What kind of data is it? Only Enel knows: it could be confidential data on electricity production in individual plants, or data that is already public on the group's website. To apply pressure, however, the hackers say that "they will analyze every file looking for interesting things" and that, if Enel doesn't pay, they will publish everything.
Enel hacker attack: ransom demand
As always happens in a ransomware attack, a ransom in bitcoin has been demanded in this case too. To be precise, the hackers want 1,234 bitcoins from Enel, which at the current exchange rate is worth 14 million dollars.
Usually, if the blackmailed company does not pay within the set time, those who carry out these attacks publish part of the stolen data once the deadline expires, to put further pressure on the victim.
Enel, the June 2020 attack
It is not the first time that Enel has been targeted by hackers. Most recently, it happened on June 7, when the company's internal computer network suddenly began experiencing problems. It was immediately discovered that the problems were caused by ransomware (Snake, also called Ekans) and, for this reason, the internal network was isolated to contain any data leakage.
By the morning of June 8, everything had been resolved and, according to Enel, no data on power plants or customers had been stolen or encrypted. This time, however, judging by what the hackers write on the Dark Web, the attack seems to have been successful.