Elexon, a go-between in the UK power grid network, was the victim of a cyber attack in May. Its systems had been infected with the Sodinokibi ransomware.
Elexon is an electricity-regulating company that regulates electricity quota and applies it around the network according to demand.
A post published by The Telegraph reads: “hackers have targeted a critical part of the UK’s power network, locking staff out of its systems and leaving them unable to send or receive emails.”
This hack affected the company’s internal IT network, along with employees’ laptops and email servers. However, the attack spared the system responsible for the UK electricity transit, BSC Central Systems, and EMR.
After taking down email servers in response to the attack, the company released a message declaring that it had located the root source of the incident and was working to restore the internal network and employee laptops.
Two weeks after the declaration, the Sodinokibi operators published the stolen data on their leak site: a total of 1,280 files, including the passports of Elexon staff members and an apparent business insurance application form.
Sodinokibi disclosed the stolen data because Elexon refused to pay the ransom, instead heightening security and restoring operations from backups.
In response to the attack, experts from the security firm Bad Packets reported that, although the compromised vulnerability had not been confirmed, Elexon was running an outdated version of Pulse Secure VPN Server, which was at risk of compromise by threat actors.
According to the company’s post on its website, “we are advising you that a cyber attack has impacted today, ELEXON’s internal IT systems. BSC Central Systems and EMR are currently unaffected and working as normal. The attack is to our internal IT systems and ELEXON’s laptops only. We are currently working hard to resolve this. However, please be aware that we are unable to send or receive any emails at the moment.”
Sodinokibi seems to be targeting random companies. Apart from Elexon, it has also claimed to have stolen information from the law firm Grubman Shire Meiselas and Sacks. GSMLaw deals with several celebrities, including Timbaland, Elton John, Nicki Minaj, Robert De Niro, Madonna, Chris Brown, Usher, etc.
Sodinokibi is not the only ransomware group that blackmails its victims this way. Other groups involved in this act include DoppelPaymer, Maze, Nefilim, Nemty, RagnarLocker, and NetWalker.