Ragnar Ransomware Operators Target Energias de Portugal, the Leading Global Company in the Energy Sector

As usual, the Ragnar ransomware operators have added another data breach to their name. In this instance, they breached Energias de Portugal (EDP), the leading global energy provider based in Portugal.

Energias de Portugal was established on 30 June 1976. The Group became the first Iberian company to own significant generating and distribution assets on both sides of the border, with a controlling position in the Spanish company HC Energía, and it is also present in the electricity sectors of Latin America – with a major presence in the United States, Brazil, Africa, and Macau, in the generation, distribution and trading businesses. The EDP Group’s activities are centered on the generation and distribution of electric power, as well as on information technology. In addition, the group’s business includes complementary and related areas, such as water, gas, engineering, laboratory testing, vocational training, and real estate management. As a global energy provider with over 16,000 suppliers, EDP has been earning an average annual revenue of more than 3,000 million euros.

Below is the message posted by the Ragnar ransomware operators on their website:

The Cyble Research Team has verified the data leak of over 10TB. They state that the data leak includes highly sensitive and confidential data of the company such as EDP’s employee database, detailed crisis management plan document, list of admin passwords, and many more. Below are the snapshots of a few of the sensitive leaked files from the large lot.

Snapshot of the Files and Folders being Leaked

Snapshot of the list of EDP’s admin Usernames and Passwords

Part of the EDP’s Crisis Management Plan

Snapshot of the EDP’s Employee Database

After further analysis, it appears that the Ragnar ransomware operators have executed this data breach only to make organizations more cautious about their security systems. With the vision of reducing the number of these types of cyberattacks, Cyble not only holds the largest data breach monitoring search engine, with over 40 billion darkweb records, but also provides services that include enabling faster detection of cyber threats via Cyble Vision and providing clear visibility into third-party cyber threats and risks via its Third-Party Cyber Risk Intelligence Platform.

About Cyble:

Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Its SaaS-based solution, powered by machine learning and human analysis, provides organizations with insights into cyber threats introduced by suppliers and enables them to respond to those threats faster and more efficiently.

Cyble strives to be a reliable partner/facilitator to its clients, giving them unprecedented security scoring of suppliers through cyber intelligence sourced from open and closed channels such as OSINT, dark web and deep web monitoring, and passive scanning of internet presence. Furthermore, the intelligence, combined with machine learning capabilities and human analysis, also allows clients to gain real-time cyber threat intel and helps them build better and stronger resilience to cyber breaches and hacks. Due to the nature of the collected data, the company also offers threat intelligence capabilities out of the box to its subscribers.