On Monday 12th of December 2022, the Colombian energy company Empresas Públicas de Medellín (EPM) experienced a ransomware attack that disrupted the company’s operations and took down online services. On Tuesday 13th of December 2022, the company told approximately 4,000 employees to work from home, with IT infrastructure down.
Although EPM did not disclose which ransomware operation was behind the attack, it is believed to be the work of the BlackCat ransomware operation, also known as ALPHV, which is claiming to have stolen corporate data during the attacks. Supporting evidence comes from Chilean security researcher Germán Fernández, who discovered a recent sample of BlackCat’s ‘ExMatter’ data-theft tool that had been uploaded from Colombia to a malware analysis site. When analysing the ExMatter sample, Fernández found that it uploaded the stolen data to a remote server that was not adequately secured, allowing any visitor to see the data stored on it. The uploaded data was stored in various folders whose names start with ‘EPM-’, as shown below. While it is unclear how much data was stolen in total, Fernández told a source that there were a little over forty devices listed on the server.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.