Clean energy company Invenergy said Friday it had been hacked, but that it “did not intend to pay any ransom,” after one of the world’s most famous ransomware gangs threatened to leak embarrassing details about its billionaire executive director.
The Chicago-based private company, best known for building large wind and solar farms, said it has “investigated unauthorized activity on some of its information systems” and complied with all regulations requiring disclosure of data breaches.
Invenergy said its operations were not affected by the attack, adding: “Invenergy has not paid and does not intend to pay any ransom.”
The admission came after the Russia-linked REvil, among the most prolific criminal ransomware hacking cartels, said on its dark web site that it had compromised the company, downloading 4 terabytes of data including information on projects and contracts, according to screenshots seen by the FT.
It also said it had “very personal and spicy” information about the company’s executive director Michael Polsky. According to the hackers, this includes personal emails from the energy tycoon, compromising photos, and details about his divorce from his first wife Maya Polsky. Invenergy did not comment on the claims.
Polsky amassed a $1.5 billion fortune building electricity companies after emigrating to the United States from Soviet Ukraine in 1976 with $500, according to Forbes. In 2007, a judge ruled that Ms. Polsky be awarded half of her husband’s money and assets at the time – about $180 million – in what was then one of the most expensive divorces in history.
The Invenergy incident comes amid the growing scourge of cybercrime activity, which has included ransomware attacks, in which hackers seize data and release it only when a ransom is paid, potentially paralyzing a victim’s operations, as in the recent hack of the Colonial Pipeline in the US.
Recently, ransomware groups have begun threatening to leak data as additional leverage to pressure targets to pay. Many operate “leak sites” on the dark web where they publish threats to their targets and then post stolen data if those targets refuse to pay.
Some hacking groups claim to have shifted completely to a leak-only model known as “extortionware,” based solely on the threat of reputational damage to earn payment, typically in cryptocurrency.
Invenergy said “no data has been encrypted” by its attackers, suggesting either that REvil chose not to encrypt the company’s data and disrupt its business, or that an encryption attempt failed.
“The threat groups are . . . increasingly using any embarrassing information they obtain as leverage against executives who may be in a position to influence the decision on whether the demand is paid or not,” said Brett Callow, threat analyst at the Emsisoft computer security group.
“Unfortunately, it’s a strategy that probably works. Even [if] the claims are false, some companies may be willing to pay just to make an embarrassing situation disappear.”