European energy giant Energias de Portugal (EDP) was hit by a ransomware attack on Easter Monday, the company has confirmed.
Reported initially by the Portuguese media, attackers used Ragnar Locker ransomware to steal over 10TB of sensitive company files. They are reportedly asking for $10.9 million (£8.2 million), or they will leak the information they have stolen. However, EDP has stated that they are not aware of any such demand.
The company, which operates in 19 countries and four continents including the UK, operates over 26GW of installed wind capacity. This makes it the fourth largest wind power operator in the world, with nearly a billion electricity customers worldwide.
In a statement sent to Current±, the company said: “EDP was the target of a computer attack on its corporate network this Monday, April 13th, which conditioned part of its services and operations. The power supply service and critical infrastructure, however, have never been compromised and we continue to ensure this operation as normal.”
However, according to TechRadar, the attackers posted on Ragnarok's leak site saying they had downloaded over 10TB of private information from EDP's servers, threatening to leak the information to "huge and famous journals and blogs" as well as notifying EDP's clients, partners and competitors.
The company reportedly has 20 days in which to pay the attackers to ensure the data - which the attackers claim is on billing, contracts, transactions, clients and partners - isn’t released.
The Portuguese company is yet to confirm its next steps, stating: “The situation is currently being assessed and we have teams dedicated to restoring the normal functioning of the systems as soon as possible – this re-establishment, in particular of services and operations targeted at customers who have undergone some conditioning, is our first priority.
“EDP is working with the authorities, that were immediately notified of the attack to identify the origin and anatomy of the attack. At this moment, we have no knowledge of a ransom demand.”
The ransomware sample was found by MalwareHunterTeam and BleepingComputer.