Telecoms Industry Ransomware Victims

Copper Horse’s Rohan Panesar takes a high-level look at publicly available ‘claimed’ ransomware attacks against the Telecoms sector.

WannaCry Ransomware Decryption Tool – Image Source: Wikipedia

The number of ransomware groups targeting telecommunication companies has grown in recent years. Details of attacks are often difficult to obtain, but we have compiled this high-level list of observed publicly available ransomware attacks on telecom companies. Obviously these are news reports and Copper Horse has not independently verified those claims.


Portugal Telecom

Saudi Telecom Company


  • 2017
  • South Africa
  • WannaCry
  • “Crippled by WannaCry Ransomware”
    • Massive outages and reduced access to services



O2 Germany

Sri Lankan listed telco hit by ransomware

Bretange Telecom

Argentina Telecom

  • July 2020
  • Criminals demanded $7.5 million in Monero
  • “The payload was delivered in an email attachment that was downloaded and opened by one of the employees. Ultimately, the attackers hijacked an internal Domain Admin and used it to spread the infestation to over 18,000 workstations.” 
  • Potentially Sodinokibi aka REvil ransomware
    • Claimed responsibility in deleted tweet

Orange France

Schepisi Communications

Corporación Nacional de Telecomunicación (CNT)


Vodafone Portugal


As well as information of victims, we have also seen ransomware groups and actors that have targeted telecom organisations at some point during their operation.


  • Aka ALPHV
  • Surfaced in Nov 2021
  • Operators would allow affiliates to leverage the ransomware
    • Affiliates would use the BlackCat ransomware and keep 80-90% of the profits
  • Victims include telcos, pharmacies, insurance and many more sectors
  • Finds affiliates through cybercrime forums and groups
  • Use the double extortion technique


Telecommunication companies provide critical services that stretch across entire countries, if not globally. Both state-sponsored and private hackers both value the information that telcos hold, as well as understanding that disruption to these networks can be catastrophic. This makes them perfect targets for ransomware actors. It is likely that this list is merely the tip of the iceberg.