Enel Group suffered the second ransomware attack this year

October 27, 2020  By Pierluigi Paganini


Multinational energy company Enel Group has been hit by Netwalker ransomware operators that are asking a $14 million ransom.

Systems at the multinational energy company Enel Group has been infected with Netwalker ransomware, it is the second ransomware attack suffered by the energy giant this year. Netwalker ransomware operators are asking a $14 million ransom for the decryption key, the hackers claim to have stolen several terabytes from the company and threaten to leak them if the ransom will be not paid.

Enel S.p.A., or the Enel Group, is an Italian multinational energy company that is active in the sectors of electricity generation and distribution, as well as in the distribution of natural gas.

The company has more than 61 million customers in 40 countries, it ranks 87 in Fortune Global 500, with $90 billion in revenues in 2019.

In June, Enel was hit by Snake ransomware, but the attack was quickly contained and the malware was not able to spread within its network.

The news of a possible ransomware attack against Enel Group was reported to BleepingComputer by a researcher on October 19.

The researcher shared with BleepingComputer a Netwalker ransom note that appeared to be used in the attack on Enel Group.

Netwalker Enel Group ransom-note
Source Bleeping Computer

BleepingComputer attempted to notify Enel Group last week without success. A few days later, Netwalker announced the leak of the company data through their support chat.

Enel never replied to the message of the ransomware operators, for this reason, the attackers started leaking a portion of the stolen data as proof of the data breach.

The operators are asking $14 million worth of Bitcoin (roughly 1234.02380000 BTC).

ENEL group netwalker-page-for-enel
Source Bleeping Computer

Today, the Netwalker ransomware operators added Enel Group to their data leak site and some screenshots of unencrypted files stolen from the company.

The Italian cyber security firm TG soft publicly shared the news of the attack in a tweet:

The hackers stole about 5 terabytes of documents from the company and announced that they will “analyze every file for interesting things” and publish it on their leak site.

At the time of publishing this post, the company have yet to confirm the incident, let’s remember that the company conduct will have to be in compliance with the current EU privacy legislation GDPR.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ENEL Group)

[adrotate banner=”5″]

[adrotate banner=”13″]



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

Google removes a set of 21 malicious apps from the Play Store

 Google has removed 21 malicious apps from the official Play Store because they were found to serve intrusive and annoying...