The REvil/Sodinokibi ransomware gang has just published what it claimed were files stolen from UK power grid middleman Elexon.

As reported here, the company was hacked two weeks ago. The stolen data was published on REvil's Tor webpage as a cache of 1,280 files, which we understand include documents that appeared to be passports of Elexon staff members and an apparent business insurance application form. The Register has not verified whether the cache, in a .rar file, contains further information intended to harm Elexon and its staff. Elexon said at the time of the "cyber attack" in mid-May that it had identified the "root cause" and was "taking steps to restore" its IT systems.

Responsible for a key financial part of the UK's part-privatised electricity markets, Elexon tots up forecast electrical demand from the whole nation in half-hour blocks. It then reconciles the forecast against actual demand and electrical generation supplied to the National Grid. Cash then flows either from the grid to generators (in cases where supply exceeded demand, so the forecast was wrong) or in the other direction, where underperforming power generators pay the grid for not supplying enough at the right times.