Earlier this week, the energy company Endesa suffered a ransomware cyberattack that had attacked its internal systems and its workers, but its defenses have successfully repelled it.
They confirmed that early on Monday a ransomware was detected on their internal network. "The company temporarily isolated the corporate network to be able to carry out all interventions aimed at eliminating any residual risk," he explains. The connection "was safely recovered at 09:20 on the same day." Investigations into what happened are still underway.
The ransomware had infected the company's servers, which has warned all its employees not to connect through the VPN they use to telework until the incident was resolved. It was early in the afternoon when employees were able to connect normally.
This is not the first time that the company has suffered this type of attack. In 2016, ENDESA suffered a Locky ransomware campaign, which sought to infect the energy company's customers by sending emails with fake invoices from fake accounts similar to those used by the company. , so that when the user tries to see them, the virus will be downloaded to the computer.
Although I have already spoken lightly about ransomware (data hijacking) in other articles, let us remember that it is a type of cyber attack that affects operating system files, blocking them and that is normally accompanied by a ransom request in exchange for removing the block. An example is that of Adif, the public manager of the railway networks. The group that operates the ransomware Sodinokibi demanded a ransom in exchange for not leaking information they had stolen.
These attacks are increasingly frequent in large companies, the problem is that most do not dedicate all the necessary effort to preparing their cybersecurity.
Luckily, it seems that this time ENDESA has been able to control the intrusion and put its systems back into operation in a few hours, a sign that it is well prepared for this type of attack and has good security habits.
1 thought on “Ataque fallido de ransomware a ENDESA”