The Royal Ransomware gang claimed responsibility for a cyber attack against telecommunications company Intrado on Tuesday.
While Intrado is yet to share any information regarding this incident, sources have told BleepingComputer early this month that the attack started on December 1 and the initial ransom demand was $60 million.
The Royal Ransomware group, made up of experienced threat actors and operating without affiliates, has reportedly stolen some data from Intrado’s systems and is now threatening to publish it on their data leak site unless the company pays the ransom.
Warning that stolen data will get leaked online is a common scare tactic used by ransomware gangs to scare victims into negotiating a deal or returning to the negotiation table.
The attackers claim to have obtained internal documents, passports, and employee driver’s licenses from compromised Intrado devices.
Although the ransomware gang has not yet leaked any of the files allegedly exfiltrated from Intrado’s network, they did share a 52.8 MB archive containing scans of passports, business documents, and driver’s licenses as proof of the breach.
Intrado has not yet responded to multiple requests for comment from BleepingComputer via email and voicemail.
Likely linked to an early December outage
The date of the initial breach coincides with a widespread outage that impacted all of Intrado’s services, including Unified Communication Services, Healthcare, and Unified Communications as a Service (UCaaS).
“We are experiencing an issue with our internal network, Products are not impacted at this time. However, this may impact your ability to reach us via phone,” Intrado said in an incident report on December 1st.
“The best method to contact support is by email or chat. We will provide an update when this situation is resolved and we apologize for any inconvenience.”
U.S. Department of Health & Human Services (HHS) spokesperson Sarah Lovenheim said the next day that the Intrado network outage had been addressed, adding that “the disruption of phone service was unacceptable, and HHS continues to investigate the root cause of the outage.”
However, while Intrado has restored most of the affected services, the company was still working on fully restoring healthcare services one week ago.
“As of Wednesday, December 21st, while we have made significant progress restoring service across all platforms, we are still experiencing some intermittent issues with notifications not being made for some accounts,” Intrado added.
Intrado says it provides services to approximately 82% of Fortune 500 companies and manages approximately 20 billion annual telephony minutes.
The company settled with the U.S. Federal Communications Commission for $1,750,000 last year to resolve an investigation into whether it failed to deliver 911 calls and timely notify Public Safety Answering Points during a 911 outage.