Marco A. De Felice aka @amvinfe writes:
The NetWalker Ransomware Group gives the Enel Group seven days to pay the ransom and get back 4.54 TB of data stolen during the cyber attack last June.
In a note released in the hours following the June 7 cyber attack, the multinational said it had managed to isolate its corporate network and block the threat before the ransomware spread.
They also specifically said that customer data had not been exposed to third parties.
But now NetWalker has added them to their victims data leak site.
Marco comments:
In June the cyber attack was attributed to the EKANS Ransomware group , but yesterday the first screen shots of the exfiltrated data were published on the TOR site of the Ransomware NetWalker group .
There are therefore two possibilities: either the EKANS group “passed” the stolen material to the NetWalker group, or the June intrusion into the IT systems of the Enel Group, probably due to insufficient protection on RDP ( Remote Desktop Protocol ) services, was actually performed by the latter. Personally I favor the second hypothesis.
Read more on SuspectFile.
Update: Lawrence Abrams of BleepingComputer provides a different perspective on whether there was one attack or two different threat actor groups.