12 Oct South Africa state-owned electricity company ESKOM targeted by cyber criminals in $200k attack

South African company ESKOM appear to have been targeted by cybercriminals in a $200k attack by the Everest ransomware operators.

Earlier this year, the Everest ransomware operators published a notice announcing the sale of “South Africa Electricity company’s root access” for $125,000. At the time, the company denied having suffered a security breach.

However rumours of a breach have resurfaced this week as security experts reported that ESKOM Hld SOC Ltd was having some server issues. At the same time, the Everest Ransom gang posted a claim about the hack of the South African state-owned electricity company and claimed to have accessed all servers within the company.

They stated: “Administration servers, Databases, backups, employee access to the administration of POS terminals and much more. Multiple settings and developments. You can become the king of electricity the whole country. Trust access of a well-known defense company from USA, which is a partner of this Electric Company.”

The ransomware gang is offering a package including servers with administrator, root and sysadmin passwords for Linux and Windows servers, and is now reportedly demanding $200,000 for the stolen access. They accept both Bitcoin and Monero cryptocurrencies as forms of payment.

ESKOM have not yet commented on the reports of an attack.