Clean energy company Invenergy said on Friday it had been hacked but had “no intention of paying a ransom” after one of the world’s most notorious ransomware gangs threatened to divulge embarrassing details about its billionaire CEO.
The private Chicago-based company, best known for building large wind and solar farms, said it had “investigated unauthorized activity on some of its information systems” and was complying with all regulations requiring the disclosure of data breaches.
Invenergy said its operations were unaffected by the attack, adding: “Invenergy has not paid and has no intention of paying a ransom.”
The admission came after Russia-linked REvil, among the most prolific criminal ransomware hacking cartels, claimed on its dark web site that it had compromised the company, uploading 4 terabytes of data, including information on projects and contracts, according to screenshots seen by the FT.
The group also claimed it had “very personal and spicy” information about the company’s chief executive, Michael Polsky. According to the hackers, this includes the energy mogul’s personal emails, compromising photos and details about his divorce from his first wife Maya Polsky. Invenergy has not commented on the allegations.
Mr. Polsky amassed a fortune of $1.5 billion by setting up power companies after emigrating to the United States from Soviet Ukraine in 1976 with $500, according to Forbes. In 2007, a judge ruled that Ms Polsky should be awarded half of her husband’s money and assets at the time – around $180 million – in what was then one of the costliest divorces in history.
The Invenergy incident comes amid the growing scourge of cybercrime activity, which has included ransomware attacks, in which hackers grab data and only release it when a ransom is paid, potentially crippling the victim’s business activity, as in the recent Colonial Pipeline hack in the US.
Recently, ransomware groups have started threatening to release data as additional leverage to pressure targets to pay. Many operate dark web “leak sites” where they will post threats against their targets and later post stolen data if those targets refuse to pay.
Some hacking groups claim to have completely shifted to an exfiltration-only model known as “extortion software”, relying solely on the threat of reputational damage to gain payment, usually in cryptocurrency.
Invenergy said “no data has been encrypted” by its attackers, suggesting that REvil has chosen not to encrypt company data and disrupt its operations, or that an encryption attempt has failed.
“The threat groups are . . . increasingly using any embarrassing information they get as leverage against executives who may be able to influence the decision whether or not to pay the demand,” said Brett Callow, threat analyst at the cybersecurity group Emsisoft.
“Unfortunately, it’s a strategy that probably works. Even [if] claims are false, some companies may be willing to pay just to make an embarrassing situation go away.”