Ransomware Attack on Danish Telco

TT Network, the joint mast operation of Telia Denmark and Telenor Denmark, was hit by a ransomware attack last week, as confirmed by a Telenor press release. The attackers infiltrated a single server and obtained data about 25 employees but did not gain access to the mobile network or any data about phone users.

The hackers posted a notice to the dark web on December 13 saying they had obtained all of TT Network’s “important documents”, with information about bank accounts, contracts, insurance and employees. They threatened to make the information public if TT Network did not respond within 72 hours. TT Network confirmed that data about leases and 25 employees had been transferred from the server before the attack was discovered and the hackers’ access was terminated.

No comment has been made about whether the telco made contact with the hackers but it seems that none of the documents obtained by the hackers have been published so far. There was no mention of whether the ransomware had caused disruption to systems or the corruption of any data stored on the compromised server. The 25 affected employees have been informed of the hack, along with the police and the Danish authorities responsible for cybersecurity and data protection.

This ransomware attack will gain less attention from the media because it does not threaten ordinary people in the way so many other ransomware attacks do. However, telcos cannot afford to allow sensitive information about commercial deals to be broadcast to rival businesses. These hackers appear somewhat amateurish in their approach to obtaining money, and this required them to draw attention to themselves. More sophisticated corporate spies would have simply taken the information and said nothing about it whilst hunting for ways to compromise more of their target’s systems.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.