Copel - Companhia Paranaense de Energia

Companhia Paranaense de Energia (Copel), an electric utilities company in Brazil, was targeted in a ransomware attack by the Darkside ransomware gang in February 2021.

The attackers stole more than 1,000GB of data, including sensitive infrastructure and personal details of top management and customers, and disrupted operations, forcing the company to suspend some of its systems temporarily.

They accessed the company’s CyberArk solution for privileged access management and exfiltrated plaintext passwords across Copel’s local and internet infrastructure.

The company detected the attack and acted immediately to stop it from spreading across the network.

Source: https://www.bleepingcomputer.com/news/security/eletrobras-copel-energy-companies-hit-by-ransomware-attacks/

TPRM report: https://www.rankiteo.com/company/copel

"id": "cop2522622",
"linkid": "copel",
"type": "Ransomware",
"date": "2/2021",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"
{'affected_entities': [{'industry': 'Energy',
                        'location': 'Brazil',
                        'name': 'Companhia Paranaense de Energia (Copel)',
                        'type': 'Electric Utilities Company'}],
 'attack_vector': 'Privileged Access Management Solution (CyberArk)',
 'data_breach': {'data_encryption': 'No',
                 'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Sensitive infrastructure and '
                                             'personal details'},
 'date_detected': 'February 2021',
 'description': 'Companhia Paranaense de Energia (Copel), an electric '
                'utilities company in Brazil, was targeted in a ransomware '
                'attack by the Darkside ransomware gang in February 2021. The '
                'attackers stole more than 1,000GB of data including sensitive '
                'infrastructure and personal details of top management and '
                'customers, and disrupted operations, forcing the company to '
                'suspend some of its systems temporarily. They accessed the '
                'company’s CyberArk solution for privileged access management '
                'and exfiltrated plaintext passwords across Copel’s local and '
                'internet infrastructure. The company detected the attack and '
                'acted immediately to stop it from spreading across the '
                'network.',
 'impact': {'data_compromised': 'Sensitive infrastructure and personal details '
                                'of top management and customers',
            'downtime': 'Temporary suspension of some systems',
            'operational_impact': 'Disruption of operations',
            'systems_affected': 'CyberArk solution and other systems'},
 'initial_access_broker': {'entry_point': 'CyberArk solution',
                           'high_value_targets': 'Top management and '
                                                 'customers'},
 'motivation': 'Data Theft, Operational Disruption',
 'ransomware': {'data_encryption': 'No',
                'data_exfiltration': 'Yes',
                'ransomware_strain': 'Darkside'},
 'response': {'containment_measures': 'Immediate action to stop the attack '
                                      'from spreading'},
 'threat_actor': 'Darkside ransomware gang',
 'title': 'Ransomware Attack on Companhia Paranaense de Energia (Copel)',
 'type': 'Ransomware Attack'}