Hackers published EDP's internal information on the Dark Web because the ransom request had not been paid

The hackers behind the EDP computer attack published internal company documents on the Dark Web after the 10 million euro ransom demand was not paid. The published documentation includes data on hundreds of the group's employees in the United States.

According to information provided by Expresso, although the ransom demand had recently increased to 3,160 bitcoins, the new reference amount has since disappeared. Later, the hackers informed the company led by António Mexia that they had deleted the decryption keys for the hacked folders, in order to make it impossible to recover the content.

Apparently, in addition to the internal documentation, several images of the compromised areas at EDP were posted on a Dark Web page. Among the files is a crisis management plan by EDP Renováveis in the USA, the last version of which dates back to 2017. The list of workers' information includes data such as employee numbers, names, emails, birth dates, salary level, race or marital status.

In addition, the folders the hackers were able to access contained information about meetings with the Portuguese Government and documents with data on company administrators.

When asked by Expresso about the most recent developments in the attack, EDP indicated that the recovery of the attacked equipment and systems was handled by the company's own teams and that the recovery work is practically complete. EDP's official source confirmed to the weekly that the company had not received a ransom request.

Recently, the Polícia Judiciária detained a 19-year-old linked to Cyberteam for DDoS attacks on public and private entities. However, Dr. Carlos Cabreiro, director of the National Unit to Combat Cybercrime and Technological Crime (UNC3T), ruled out any connection between the young man and the recent EDP attack.