Sensitive data from EDP Group now published by criminals on the darkweb.

The Portuguese giant EDP group suffered a ransomware attack at the beginning of April 2020. Crooks are now sharing sensitive data from the organization since the Portuguese electricity giant has not paid the ransom of 10 million euros.

According to the publication of the group that operates the Ragnar_Locker ransomware, two new files were added to the PoC already published on the server on the dark web on April 6th (7 days before the official date of the cyber attack).


In this recent publication, the new files leak information from a list of employees of the organization in the USA, with the ordered list of workers, salary history between 1999 and 2015, worker promotions, etc.


The other document released is a crisis management plan from EDP Group.


Criminals promise to publish more details in the coming days. The threat group leaked about 10 TB of information from EDP’s servers – a huge volume of data.
The ransom note has already been removed from the official address on the darkweb, and now criminals are threatening to publish the remaining details.
Note that the ragnar ransomware operators maintain on their blog a list of companies compromised through ransomware attacks, where they present pieces of files and images of the exfiltrated data.