Content

EDP Renewables says PII compromised in Ragnar Locker attack

An apparent Ragnar Locker ransomware attack on the parent company of EDP Renewables put information of some of its customers at risk although the firm said it has no evidence PII was accessed.

The attack could have exposed names and Social Security numbers stored in the company’s systems, though in a letter to customers, EDPR NA said it does not maintain other personal information like payment card data or driver’s license numbers.

Energias de Portugal experienced the attack on April 13 but EDPR NA didn’t learn until May 8 “that the attackers had gained unauthorized access to at least some information stored on [its] own information systems.”

“In the case of EDP Renewables, it appears the attack was contained to their enterprise systems and mainly confidential information regarding things like billing and contracts were targeted,” said Tripwire Vice President and General Manager of Industrial Cybersecurity Kristen Poulos, who noted that ransomware attacks are of concern to companies with both heavy IT and OT footprints. “Though that's a significant challenge in and of itself, if such attacks were to permeate into the OT space (due to improper segmentation between IT and OT), they could infect systems critical to energy output, like HMIs and engineering workstations. Luckily, this did not appear to be the case this time.”

EDPR NA has taken measures to boost security, “implementing new IT processes and login requirements, including multifactor verification, to limit the likelihood of a recurrence,” the notification letter said.

“More advanced ransomware types, like Ragnar Locker, even threaten to leak data,” said Richard Cassidy, senior director of security strategy at Exabeam.

“We are seeing an uncommon but increasing trend of cybercriminals carrying out ransomware attacks by not only encrypting organizations’ systems but exfiltrating data and threatening to release it publicly as additional blackmail,” agreed Torsten George, cybersecurity evangelist at Centrify. “Only a small percentage of ransomware attacks take this extra step today, likely because it increases the risk of detection and identification of the attacker. The ones that do take this route, like in the case of the Energias de Portugal incident, are likely motivated by the extra payout they’ll receive if the company caves.”

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.