Renewable energy company EDP Renewables notified its landowners of a ransomware attack that it suffered in the spring of 2020.
In a sample notification letter received by the Attorney General’s Office of Vermont, EDP Renewables informed its landowners that its information systems had suffered a ransomware attack on April 13, 2020.
EDP Renewables responded by launching an investigation into the incident. This effort revealed that those responsible for the attack had gained access to at least some of the information stored on the affected information systems.
The company had not found evidence that the attack had affected its landowners’ data, EDP Renewables explained in its letter. Even so, it noted that its information systems had stored some landowner information such as names and Social Security Numbers at the time of the incident.
Acknowledging this reality, the company decided to offer its landowners a complimentary year-long membership to Experian’s IdentityWorks identity protection services. It also urged landowners to consider taking additional safeguards against identity thieves by reviewing their account statements and by placing a security freeze on their credit reports.
In its notification letter, EDP Renewables did not name the strain of ransomware responsible for the attack. But the timeline of the ransomware infection coincided with an attack in which the Ragnar Locker crypto-malware family posted some information belonging to the renewable energy company on its data leaks website. Those responsible for the ransomware threatened to release the remainder of the 10TB that they had stolen from the company if they did not receive a ransom payment of 1,580 bitcoin (worth $11 million at the time of the attack).
The attack described above highlights the ongoing threat posed by ransomware. The level of risk is even higher for organizations that have both IT and OT footprints. Tripwire Vice President and General Manager of Industrial Cybersecurity Kristen Poulos made this case clear to SC Magazine:
“In the case of EDP Renewables, it appears the attack was contained to their enterprise systems and mainly confidential information regarding things like billing and contracts were targeted. Though that’s a significant challenge in and of itself, if such attacks were to permeate into the OT space (due to improper segmentation between IT and OT), they could infect systems critical to energy output, like HMIs and engineering workstations. Luckily, this did not appear to be the case this time.”
Clearly, organizations need to defend themselves against ransomware. The best way that they can do that is by working to prevent a crypto-malware infection in the first place. These tips will help in that regard.