Cybercrime

Hackers Leak Data Stolen From UK Electricity Market Administrator Elexon

The cybercriminals behind the recent attack on Elexon, which manages the electricity market in the United Kingdom, have started leaking data allegedly stolen from the company.

Eduard Kovacs

June 2, 2020

The cybercriminals behind the recent attack on Elexon, which manages the electricity market in the United Kingdom, have started leaking data allegedly stolen from the company.

Elexon revealed in mid-May that its IT systems were targeted in a cyberattack, but it did not provide any additional details.

It turns out that the company was targeted by a group that launches attacks using a piece of ransomware known as Sodinokibi and REvil, and the hackers have made available some files stolen from Elexon, threat intelligence company Cyble reported on Monday. Hackers leak files stolen from electricity company Elexon

Cyble has analyzed the leaked files and identified what it has described as “highly sensitive and confidential files and data.” The exposed information includes passport copies, enterprise analysis data, and enterprise renewal application forms.

The REvil ransomware is designed to encrypt files on the compromised system and instruct the victim to pay a ransom to recover them. However, the hackers also steal data from victims to increase their chances of getting paid — victims are told that if they don’t pay up, their files will be made public.

When it disclosed the breach, Elexon said it had been working on restoring impacted IT systems, which suggests that they had no intention of paying the ransom — this is recommended by law enforcement and many cybersecurity professionals.

SecurityWeek has reached out to Elexon for comment and will update this article if the company responds.

Learn more about electric sectors threats at SecurityWeek’s 2020 ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

It’s not uncommon for organizations in the electricity sector to be targeted in cyberattacks. Earlier this year, the European Network of Transmission System Operators for Electricity (ENTSO-E) admitted that hackers breached its corporate network, and an electric utility in Massachusetts reported being hit by ransomware.

Written By Eduard Kovacs

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Latest News

Click to comment

Dealing With the Carcinization of Security

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Marc Solomon

Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Derek Manky

How the Atomized Network Changed Enterprise Protection

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud, and edge.

Matt Wilson

Mapping Threat Intelligence to the NIST Compliance Framework Part 2

How threat intelligence is critical when justifying budget for GRC personnel, and for threat intelligence, incident response, security operations and CISO buyers.

Landon Winkelvoss

Password Dependency: How to Break the Cycle

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the password dependency cycle. But how can this be done?

Torsten George