    The rise of ransomware in telecommunications

    Bad actors are always on the lookout for new vulnerabilities, and they’re constantly improving their methods. In such a precarious environment, organizations need to make digital protection a top priority.

    Many industries have seen a spike in crime, and the telecommunications sector is no exception. With highly sensitive data and an important role in society, these companies present themselves as ideal targets for criminals.

    In 2021, SonicWall recorded an astonishing 495 million ransomware incidents, marking a 148% increase from the year before. Criminals are devising new ways to infiltrate a company’s system, and cybersecurity experts are struggling to keep up. Even within such a challenging landscape, defenders can protect their company if they take the right approach. The key is to be proactive.

    Why Is Telecom Targeted by Ransomware?

    While many companies in other industries are liable to face cybercriminals, there are a few factors that make the telecommunications sector especially prone to getting attacked. For one thing, these companies offer services that society considers critical. People count on cell service and an internet connection to exist productively in the modern world. For criminals, the industry's essential nature makes it an especially appealing target. If the goal is to extract the largest possible ransom, then it’s best to disable a particularly valuable service.

    Another feature of the industry that attracts criminals is the large amount of consumer data kept on file. For the contracts and services to work properly, the company must know people’s names, phone numbers, email addresses, and payment information. All of this data is stored digitally, and it represents a valuable prize for criminals.

    With its critical infrastructure and extensive customer data, it’s no surprise that the telecommunications industry attracts disproportionate attention from criminals. For people operating within the sector, it’s crucial to keep this vulnerability in mind. While the leaders at any company should be worried about cybersecurity, the stakes are especially high in an industry that’s become such a regular target.

    Significant Telecom Ransomware Attacks

    Telecommunications is a global industry, so it’s no surprise that companies around the world have been affected by malicious activity. From South America to Europe and everywhere in between, criminals have successfully infiltrated and destabilized major institutions. Studying some of the most severe cases provides valuable insights into the criminals’ latest methods.

    Each of the three incidents described below involved a massive company with huge stakes in the domestic market. In each case, criminals managed to sneak past the organization's insufficient cyber defenses. Once inside, it was a simple matter of locking data and demanding the ransom.

    Even when the ransom isn’t paid, cybercrime can have a devastating effect on a company. Operations often come to a standstill as the computer technicians struggle to bring key systems back online. Customers fear for their sensitive data and lose trust in the company. Even once the issue has been handled, the reputational harm lingers.

    These three cases might not be identical, but they impart the same general lesson for people in the industry. When it comes to cybersecurity, preventing successful attacks is always better than dealing with them once they’ve happened.

    REvil Ransomware Attack on Telecom Argentina

    In 2020, a cybercrime gang targeted Telecom Argentina, one of the largest Argentine internet service providers. The criminals gained a foothold in the company’s system after compromising an internal Domain Admin. From there, they managed to spread malware to over 18,000 workstations within the company. After encrypting key files, the group demanded $7.5 million in ransom.

    Luckily for Telecom Argentina’s customers, the incident did not affect internet, telephone, or television services throughout the country. All the same, the malware severely crippled the company’s internal structures. Several of the brand’s websites were forced offline, and critical data was put out of reach.

    REvil, a group with a history of launching devastating assaults on companies, claimed responsibility for the attack. Some have suggested a phishing email started the onslaught. Whatever the actual route of entry, the intrusion placed the company in an uncomfortable, costly position.

    Nefilim Ransomware Attack on French Telecom Orange

    Orange, the fourth-largest telecommunications company in all of Europe, suffered an attack in the summer of 2020. The criminals behind the Nefilim scheme extracted sensitive data from the company’s systems. From there, they posted some of the data online in order to harass the company into meeting their demands. These violations of privacy are common among cybercriminals who want to demonstrate that they’ve got the upper hand in negotiations.

    Orange works with massive corporate clients, and some of these clients had their data extracted by the criminals. ATR Aircraft, for example, saw information related to airplane schematics leaked to the public. While Orange apologized profusely for the infiltration, clients were doubtlessly troubled to see such sensitive details made public.

    Lapsus$ Ransomware Attack on Portuguese Media Group Impresa

    A January 2022 assault on the Portuguese company Impresa provides a perfect example of today’s ransom-related tactics. Impresa is a massive media organization with a number of outlets under its umbrella. Hackers from the Lapsus$ group managed to infiltrate the company’s computer systems. Not only did the infiltration give the criminals access to sensitive data, but it also allowed them to control some of the company’s websites. With so much power already in their hands, they wasted no time wreaking havoc.

    The criminals took two of the company's major websites offline, one related to a newspaper and the other connected to a television broadcaster. Then, they posted a message on the websites, threatening to publish internal data if a ransom wasn’t paid. This approach typifies the ransom-based tactics that many of today’s criminals have adopted.

    Left without access to their own websites, Impresa was forced to publish news stories through social media. Not only did this incident represent a damaging blow to the company, but it also interfered with the freedom of the press. Such an assault demonstrates how hackers can effectively strike at the very heart of society. It also shows why cybersecurity is truly a societal issue.

    How Telecom Companies Can Defend Themselves

    These types of companies might be prime targets for cybercriminals, but that doesn't mean they have to accept their status as victims. With a proactive approach and a handful of smart tactics, defenders can give their enterprise the protection it needs. The key is to focus on prevention, thereby keeping criminals out of one’s computer systems altogether.

    The best way for defenders to protect their company is to take a two-pronged approach. Their cybersecurity agenda should revolve around these two themes:

    • Employee training
    • Machine-learning technology

    Awareness training is absolutely essential if companies want to keep cybercriminals at bay. Spear phishing emails will try to trick employees so they open malicious content. Training sessions can show people how to recognize these messages before it’s too late. Security leaders can identify positions within the company that are especially vulnerable, and direct extra educational efforts towards these areas. They can also update internal policies to keep up with the latest tactics. A recurring investment in awareness will help them to stay ahead of the curve.

    No matter how well they train their employees, companies should also provide technical support to bolster their defenses. Machine-learning programs can recognize communication patterns within their company and flag any anomalous and malicious activity. This is the best way to catch dangerous emails and messages before they deliver their payload. By investing in human and technological resources, companies can deflect the bad actors eager to steal from them.


    Ransomware attacks aren’t just becoming more common. They’re also becoming more severe. Some of the biggest telecommunications companies in the world have suffered massive breaches and leaks. Rather than waiting to become the next victim, try taking a proactive approach to cybersecurity. With the right mix of employee training and machine-learning solutions, companies can effectively stave off malicious criminals before they get their hands on their data.
