

EDP Renewables North America LLC has confirmed that it was targeted in a ransomware attack, with the company advising that those behind the attack gained unauthorized access to some information stored on its information systems.
The attack was first reported in April and is believed to have involved the use of Ragnar Locker ransomware. Ragnar Locker is a form of ransomware that attacks Microsoft Windows and usually targets software used by managed service providers to prevent the attack from being detected and stopped.
Once successfully deployed on a targeted computer or network, Ragnar Locker first performs reconnaissance and pre-deployment tasks, including stealing the victim’s files, before encrypting files and demanding a ransom.
In this case, it’s believed that those behind the Ragnar Locker attack demanded a 1580 bitcoin ($14.67 million) ransom with a threat that if the ransom wasn’t paid, they would publish more than 10 terabytes of information stolen from EDP’s network. The company refused to pay the ransom.
In a letter to customers, EDP claimed that it had no evidence that those behind the ransomware attack had obtained personally identifiable information. Despite that claim, the company, which has 11 million customers across 19 countries, is offering one year of identity protection services from Experian IdentityWorks for free “as a proactive measure.”
“The pattern that jumps out at me is that the critical infrastructure sectors are a continuing and growing target of attack for this type of extortive crime despite global law enforcement efforts,” Michael Daly, chief technology officer at Raytheon Intelligence & Space, a division of defense and aerospace company Raytheon Technologies Inc., told SiliconANGLE. “I think it’s extremely important to conduct cyberthreat hunting after such a breach and it is truly good practice to have a continuous hunting campaign, as through a managed detection and response service. In cases like this, the criminals maintain footholds in order to jump back in, and to jump to other business adjacent enterprises.”
Torsten George, cybersecurity evangelist at cybersecurity firm Centrify Corp., noted that “we are seeing an uncommon but increasing trend of cybercriminals carrying out ransomware attacks by not only encrypting organizations’ systems but exfiltrating data and threatening to release it publicly as additional blackmail.”
“Only a small percentage of ransomware attacks take this extra step today, likely because it increases the risk of detection and identification of the attacker,” George explained. “The ones that do take this route, like in the case of the Energias de Portugal [EDP] incident, are likely motivated by the extra payout they’ll receive if the company caves.”