Clean energy company Invenergy said on Friday that it has been hacked, but that it “does not intend to pay any ransom” after one of the world’s most notorious ransomware groups threatened to leak awkward details about its billionaire CEO.
The Chicago-based private company, known for building large wind and solar farms, said it has “investigated unauthorized activities on some of its information systems” and complied with all regulations that require disclosure of data breaches.
Invenergy stated that its operations were not affected by the attack and added: “Invenergy has not paid and does not intend to pay any ransom.”
According to screenshots seen by the Financial Times, Russia-linked REvil, one of the most prolific ransomware hacker cartels, claimed on its dark web site to have hacked the company and downloaded 4 TB of data, including project and contract information.
It also claimed that it had “very personal and sensitive” information about the company’s CEO Michael Polsky. According to the hackers, this included the energy magnate’s personal emails, leaked photos, and details of his divorce from his first wife Maya Polsky. Invenergy did not comment on these claims.
Polsky, who immigrated to the United States from Soviet Ukraine in 1976 with 500 US dollars, has accumulated 1.5 billion US dollars of wealth by establishing a power company, according to Forbes. In 2007, a judge ruled that Ms. Polsky should be granted half of her husband’s cash and assets at the time, about 180 million US dollars, in one of the most expensive divorce cases in history.
The Invenergy incident comes as the scourge of cybercrime, including ransomware attacks, grows increasingly serious. In such attacks, hackers seize data and release it only after a ransom is paid, which can cripple the victim’s business, as in the recent hacker attack on Colonial Pipeline in the US.
Recently, ransomware organizations have begun to threaten to leak data as an additional means of pressuring targets to pay. Many operate “leak sites” on the dark web, where they post threats to their targets, and then post the stolen data if those targets refuse to pay.
Some hacking groups claim to have switched completely to an exfiltration-only model called “extortionware”, relying solely on the threat of reputational damage to win payments, usually in cryptocurrency.
Invenergy stated that the attacker “didn’t encrypt any data”, indicating that REvil either chose not to encrypt the company’s data and interrupt its business, or attempted the encryption and failed.
“Threat groups are… increasingly using any embarrassing information they obtain as leverage over executives who may be able to influence the decision whether to pay the demand,” said Brett Callow, threat analyst at cybersecurity organization Emsisoft.
“Unfortunately, this is a strategy that may work. Even [if] these statements are wrong, some companies may be willing to pay just to make the embarrassing situation go away.”