An Energy Company and Its Customers Targeted by Ransomware

The Energy Sector is one that has become more popular with cyber criminals over recent years.  Most customers sit and take notice when they get an email from their electricity or gas company, particularly if it involves special deals, or has an invoice attached.  Cyber criminals took advantage of this fact in early 2016, when they targeted a popular Australian energy company with a ransomware attack. 

Crypto ransomware ‘Torrentlocker’ targeted a well-known Australian energy company, successfully hitting over 10,000 customers. Customers received an email which prompted them to click on a link to download a copy of their energy bill. Instead of downloading an invoice however, the victims actually downloaded a virus (in the form of a .zip file) that, once extracted, installed the ransomware which then locked the user’s computer files and demanded the victim pay a ‘ransom’ of $US640 ($A880) to unlock them. 

The attack made it into the headlines of several news and social media channels, which was damaging to the energy company’s brand and also created a level of mistrust with their customers.  As the attacks continued to increase, the company reached out to FraudWatch International for help. 

As the attacks intensified throughout May 2016, the energy company quickly signed up for a number of our services and our support teams flew into action. Using tools offered as part of FraudWatch International’s Anti-Malware service, our team was able to work quickly to take down over 1,000 incidents from the time the client signed up with us in May 2016, to when the attack terminated in March 2017.  Over the ten month period, the majority of incidents were taken down within an hour of being reported and this significantly reduced the risk to customers.  

The chart shows the number of incidents reported over the 10 months that the attack continued, and shows a large ramp-up of attack activity in October 2016.  This increase was possibly due to the fact that users opened the malicious email at work, where it caused widespread damage by gaining access to legitimate corporate emails, which were then used by the attackers to send the scam to a wider audience. 

FraudWatch International was able to deter criminals from targeting the client further, which resulted in a decline in the ransomware attacks from mid-October 2016 onwards, and eventually led to the criminals giving up altogether in March 2017.   

There was also a shift in who the criminals chose to target, with a recent Malware campaign attacking an entirely different energy company using the same “fake invoice” method.   

We continue to protect this Energy client with a suite of services, from Anti-Malware and Anti-Phishing (including Brand Abuse protection), through to Mobile App and Social Media Monitoring.  

FraudWatch International are the global leaders in online fraud protection services.  Every day, we protect businesses from fraud losses, brand damage and online abuse.  With our world-class takedown times, we offer real financial benefits to our clients.