International energy provider Energias de Portugal (EDP) has been struck by attackers employing the ransomware known as Ragnar Locker.

The fourth largest wind energy producer in the world, EDP is also among the largest operators in the European energy sector, supplying both electricity and gas. With a large-scale global network, the enterprise employs more than 11,500 staff and answers the energy needs of over 11 million customers across four continents, and throughout 19 different countries.

To protect stolen company documents from being leaked publicly, the company are now being asked to pay a ransom worth almost €10m (£8.7m).

Documents stolen from unsecure servers

The threat actors responsible for the Ragnar Locker ransomware attack claim they have taken more than 10 terabytes worth of sensitive and confidential company files. The cybercriminals have now stated that unless their desired ransom amount is paid in full, they will leak the entire collection of stolen information to the press and on their site set up specifically for this malicious purpose.

A recent post from Ragnarok’s dedicated website for leaked information stated in poorly written English:

“We had downloaded more than 10TB of private information from EDP group servers, Below just a couple of files and screenshots from your network only as a proof of possession! At this moment current post is a temporary, but it could become a permanent page and also we will publish this Leak in Huge and famous journals and blogs, also we will notify all your clients, partners and competitors. So it’s depend on you make it confidential or public!”

The official ransom note left on EDPs server stated the attackers had misappropriated a host of confidential data ranging from contracts, transactions and billing, to sensitive details of both partners and clients. To back up their threat, the cybercriminals then published information on their site proving they had access to a database for managing passwords, login names and accounts at EDP.

Victims subjected to intimidation tactics

The hackers responsible for the attack also employ a live chat facility known as the “client room”. Using this option, the Ragnar Locker ransomware operators taunted the European energy provider. Along with threats about releasing EDP’s sensitive information on technology and the stock market, the operators also warned the energy giant not to try and decrypt the stolen data themselves with software other than the attackers decryption tool or risk losing or damaging it.

EDP was also offered a discounted ransom amount via chat if they paid the requested amount inside of two days following the encryption.

A spokesperson for the energy provider has announced that the ransomware assault has not impacted either the company’s critical infrastructure or its service for supplying power, and that it is operating normally. Teams are working to restore all systems affected as a priority and EDP is working alongside the authorities to assess the extent of the breach. The multinational energy company alerted the authorities instantly after identifying the origin and method of attack.