The clean energy company Invenergy said on Friday that it had been hacked but that it did “not intend to pay any ransom”, after one of the world’s most notorious ransomware gangs threatened to leak embarrassing details about its billionaire chief executive.
The Chicago-based private company, best known for building big wind and solar farms, said that it had “investigated unauthorised activity on some of its information systems” and was complying with all regulations that require disclosure of data breaches.
Invenergy said that its operations had not been impacted by the attack, adding: “Invenergy has not paid and does not intend to pay any ransom”.
The admission came after Russia-linked REvil, among the most prolific criminal ransomware hacking cartels, claimed on its dark web site that it had compromised the company, downloading 4 terabytes of data including information on projects and contracts, according to screenshots seen by the FT.
It also claimed that it had “very personal and spicy” information about the company’s chief executive Michael Polsky. According to the hackers, this includes the energy magnate’s personal emails, compromising photos, and details about his divorce from his first wife Maya Polsky. Invenergy did not comment on the claims.
Mr Polsky amassed a $1.5bn fortune by building electric power companies after emigrating to the US from Soviet Ukraine in 1976 with $500, according to Forbes. In 2007, a judge ruled that Ms Polsky should be awarded half her husband’s cash and assets at the time — around $180m — in what was then one of the most expensive divorces in history.
The Invenergy incident comes amid the growing scourge of cybercriminal activity, which has included ransomware attacks, in which hackers seize data and only release it when a ransom is paid, potentially crippling a victim’s business, as in the recent hack of the Colonial pipeline in the US.
REvil’s victims in recent months have included the Taiwanese Apple supplier Quanta and the FBI has also accused the group of being behind last week’s attack on meatpacker JBS.
Recently, ransomware groups have started threatening to leak data as extra leverage to pressure targets to pay up. Many operate “leak sites” on the dark web where they will publish threats to their targets and later publish stolen data if those targets refuse to pay.
Some hacking groups claim to have fully moved to an exfiltration-only model known as “extortionware”, relying solely on the threat of reputational damage to win payment, typically in cryptocurrency.
Invenergy said that “no data was encrypted” by its attackers, suggesting that REvil either opted not to encrypt the company’s data and disrupt its business, or an encryption attempt failed.
“Threat groups are . . . increasingly using any embarrassing information they obtain as leverage against executives who may be in a position to influence the decision as to whether or not the demand is paid,” said Brett Callow, threat analyst at cyber security group Emsisoft.
“Unfortunately, it’s a strategy that likely works. Even [if] the claims are false, some companies may be willing to pay simply to make an embarrassing situation go away.”