Utility conglomerate Empresas Públicas de Medellín (EPM) has fallen victim to a BlackCat/ALPHV ransomware attack, disrupting the company’s operations and customer services. On Tuesday, at least 4,000 workers were told to work from home, with information infrastructure and web services offline.
The ransomware attack has caused chaos in Medellín for prepaid electricity customers, a service usually used in low-income neighborhoods that works similarly to prepaid telephony. EPM has instructed its 304,000 prepaid energy customers in 125 different cities and towns across the Colombian department of Antioquia (where Medellín is located) to physically go to customer service offices with the numbers of their electrical meters and mobile phones to receive a recharge code via text message.
The utility is also sending tanker trucks to provide water to almost 28,000 prepaid water customers, who are not connected to the city’s waterworks network.
In ransomware attacks, extortionists infiltrate a computer network with software that copies files and sends them to the extortionists, then encrypts the files, denying the victim access to its own files unless a ransom is paid. The victim also faces the risk that the data in the files, which may contain sensitive customer or financial information, will be sold on the “dark web” or computer black market.
Medellín daily El Colombiano is already blaming Dario Amar Florez as the executive within EPM responsible for preventing cyberattacks. According to the newspaper, Florez, an ally of Medellín Mayor Daniel Quintero, himself a former IT entrepreneur, has been allocated five billion pesos to address the crisis. Quintero has repeatedly called Medellín “Valle de Software” or Software Valley, but with EPM under his firm control through its board of directors and appointments throughout management, the cybersecurity failure exposes the gap between the administration’s slogans and real digital maturity.
Image from Germán Fernández (Twitter)