{
	"id": "f2a81087-ed10-4512-9df6-a9ec4c0be916",
	"created_at": "2026-04-06T00:10:45.93178Z",
	"updated_at": "2026-04-10T03:21:29.686271Z",
	"deleted_at": null,
	"sha1_hash": "2703fa145277bea6bb1b021bc97c83ded708d191",
	"title": "Eletrobras, Copel energy companies hit by ransomware attacks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1073045,
	"plain_text": "Eletrobras, Copel energy companies hit by ransomware attacks\r\nBy Ionut Ilascu\r\nPublished: 2021-02-05 · Archived: 2026-04-05 13:47:18 UTC\r\nCentrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), two major electric utility\r\ncompanies in Brazil, have announced that they suffered ransomware attacks over the past week.\r\nBoth are state-controlled and key players in the country: Copel is the largest in the state of Paraná, while Eletrobras is the\r\nlargest power utility company in Latin America and also owns Eletronuclear, a subsidiary involved in the construction and\r\noperations of nuclear power plants.\r\nBoth ransomware attacks disrupted operations and forced the companies to suspend some of their systems, at least\r\ntemporarily.\r\nhttps://www.bleepingcomputer.com/news/security/eletrobras-copel-energy-companies-hit-by-ransomware-attacks/\r\nNuclear plants unaffected\r\nIn the case of Eletrobras, the incident occurred at its Eletronuclear subsidiary and was classified as a ransomware attack. It\r\naffected some of the administrative network servers and had no impact on operations at nuclear power plants Angra 1 and\r\nAngra 2.\r\nOperations at the two plants are disconnected from the administrative network, for obvious security reasons, so the\r\nelectricity supply to the National Interconnected System remained unaffected, the company says in a press release on\r\nWednesday.\r\nUpon detecting the attack, Eletronuclear suspended some of its systems to protect the integrity of the network. 
Together with\r\nthe managed security services team, the company isolated the malware and restricted the effects of the attack.\r\nThe notification is short on details and does not clarify whether the attack also doubles as a data breach, as it is common for\r\nransomware operators to steal data from the victim network before deploying the encryption routine.\r\nCopel leaks ahead\r\nIn the case of Copel, the attack is the work of the Darkside ransomware gang, which claims to have stolen more than 1,000GB\r\nof data and that the cache includes sensitive infrastructure access information and personal details of top management and\r\ncustomers.\r\nAccording to the hackers, they gained access to the company’s CyberArk solution for privileged access management and\r\nexfiltrated plaintext passwords across Copel’s local and internet infrastructure.\r\nApart from this, Darkside says that they have more than 1,000GB of sensitive data belonging to Copel, which contains\r\nnetwork maps, backup schemes and schedules, domain zones for Copel’s main site, and the intranet domain.\r\nThey also claim to have exfiltrated the database that stores Active Directory (AD) data, the NTDS.dit file, which includes\r\ninformation about user objects, groups, group membership, and password hashes for all users in the domain.\r\nAlthough the AD database does not have plain text passwords, there are tools that could crack the hashes offline or use them\r\nin so-called pass-the-hash attacks, where they function as the password itself.\r\nUnlike other ransomware operators, Darkside does not provide stolen data on their leak site. Instead, they set up a\r\ndistributed storage system to host it for six months.\r\nAccess to these caches is vetted by the gang members. 
This means that while Copel’s data is not freely available, third\r\nparties including hackers can easily get it.\r\nMain systems intact\r\nCopel is the largest company in the state of Paraná and also the first Brazilian company in the electricity sector to be listed on\r\nthe New York Stock Exchange.\r\nThe date of the intrusion remains undisclosed but Copel announced the incident in a filing with the Securities and Exchange\r\nCommission (SEC) on Monday, February 1st.\r\nThe company detected the attack and acted immediately to stop it from spreading across the network. An investigation was\r\nstarted to determine the full impact of the attack.\r\nWhat is certain is that the main systems remained unaffected and the electricity supply along with telecommunications\r\nservices continued to function normally.\r\n“The operation and protection systems detected the attacks and, immediately, the Company followed the security protocols,\r\nincluding suspending the operation of its computerized environment to protect the integrity of the information. The full\r\nassessment of what happened is in progress and the Company is taking the necessary steps to restore normality” - Copel\r\nIt is unclear how many segments of the Copel network were impacted by the attack or if the hackers were able to deploy the\r\nencryption routine. BleepingComputer reached out to Copel with a request for comments and we will update the article\r\nwhen an official statement becomes available.\r\nSource: https://www.bleepingcomputer.com/news/security/eletrobras-copel-energy-companies-hit-by-ransomware-attacks/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/eletrobras-copel-energy-companies-hit-by-ransomware-attacks/"
	],
	"report_names": [
		"eletrobras-copel-energy-companies-hit-by-ransomware-attacks"
	],
	"threat_actors": [],
	"ts_created_at": 1775434245,
	"ts_updated_at": 1775791289,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2703fa145277bea6bb1b021bc97c83ded708d191.pdf",
		"text": "https://archive.orkl.eu/2703fa145277bea6bb1b021bc97c83ded708d191.txt",
		"img": "https://archive.orkl.eu/2703fa145277bea6bb1b021bc97c83ded708d191.jpg"
	}
}