EPM is one of the main public suppliers of electricity, water, and gas in Colombia, and it serves 123 towns. It also provides other services. The municipality of Medellin in Colombia is the owner of the corporation, which had revenue of more than $25 billion in 2022 and is located in Colombia. Because the firm’s information technology infrastructure was down and its websites were unavailable, the company informed around 4,000 of its workers on Tuesday that they should work from home.
EPM revealed to the local media that they were reacting to a cybersecurity problem and gave alternate options for clients to pay for services. This was done in order to prevent further disruption to the company’s operations.
The BlackCat ransomware operation, also known as ALPHV, was the one responsible for the attacks. They claimed to have acquired business data while they were carrying out the operations.
Because the firm’s information technology infrastructure was down and its websites were unavailable, the company informed around 4,000 of its workers on Tuesday that they should work from home.
EPM revealed to the local media that they were reacting to a cybersecurity problem and gave alternate options for clients to pay for services. This was done in order to prevent further disruption to the company’s operations.
When BlackCat ransomware attacks are launched, the program known as ExMatter is used to steal data from business networks before the data is encrypted. After then, this information is put to use as a component of the ransomware gang’s efforts to double-extort money.
When the program is executed, it will take data from computers and other devices connected to the network, then store that data on servers controlled by the attacker, organized into folders whose names are derived from the Windows machine names from whence the data was stolen.
Fernández discovered, when doing an analysis of the ExMatter program, that it uploaded the data to a remote server that lacked the necessary level of security, making it possible for any visitor to see the data that was kept on it. As can be seen in the table below, the data for the Colombian version of ExMatter was uploaded into a variety of folders with names beginning with “EPM-.”
A ransomware assault on a Colombian energy firm has occurred in the past, so this is not the first time it has happened.
In the year 2020, the Enel Group was the victim of two separate ransomware attacks in the same year.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.