The richest and most dangerous hacking group infects Spanish telecommunications firm MásMóvil with ransomware

The REvil ransomware group announced on its dark web platform the theft of a large amount of information extracted from MásMóvil, one of the most important telecommunications companies in Spain. Sources close to the company mention that the hackers have not sent a ransom note yet.

Screenshots posted by the hackers as evidence of the attack show folders with names like RESELLERS, OCU or PARLEM, so it is not clear exactly what kind of information was compromised. In the post, the hackers included only a brief message: “We have downloaded your database and other important data.”

Since the leak became known, multiple members of the cybersecurity community have tried to contact MásMóvil, although the company only responded by issuing a brief press release stating that this incident does not pose an operational risk to the company. However, the incident will be investigated like any other cyberattack, so more news could be revealed shortly.

If the veracity of this incident is confirmed, this would not be the first time that an REvil operator group has been detected in Spain. Previously, this malware variant was associated with Adif in an incident that led to the leak of millions of confidential records after the company refused to negotiate with the threat actors.

Although REvil (or Sodinokibi) was already a hacking group with extensive experience, the onset of the coronavirus pandemic represented a new high point in the activity of these cybercriminals, who attacked multiple organizations and individuals, mainly in the U.S.

This group also pioneered the attack variant known as “double extortion,” which involves stealing sensitive information from affected systems before activating ransomware, allowing attackers to use the stolen information to threaten victims and force ransom payments.
