Bits ‘n Pieces (Trozos y Piezas)
AR: Armed Forces Joint Chiefs of Staff computer system hit by ransomware
In developing news, the Joint Chiefs of Staff of the Armed Forces suffered a computer attack that caused them to disconnect servers from the internet as a preventive measure. Last night, military authorities confirmed the presence of “a malicious virus” in the networks of the organization that was later described as a ransomware attack. From a statement (machine translated):
“from the analysis of the information collected from the systems, no evidence of exfiltration of sensitive information has been detected, or that the fact responds to an attack directed against this agency, usually called hacking”.
Read more at La Nacion.
Databreaches.net has verified that the website of the Argentinean Joint Chiefs of Staff is currently offline today, October 21.
The ransomware group has not yet been named.
BR: RecordTV allegedly a victim of an attack by ALPHV
News outlet RecordTV was allegedly the victim of an attack by ALPHV (aka BlackCat) on October 8th. The ransomware group has demanded approximately $5 million to provide a decryptor and not to leak the data. Last week, ALPHV posted eight files as proof of access to the company. The files included spreadsheets, a passport, and a file related to litigation against them by an employee. The passport belongs to a well-known presenter of the station.
Because the attack disrupted programming, DataBreaches sent an email to RecordTV to ask about their current situation and if they have negotiated with the group. There has been no mention by them on their social networks about the attack, and we found no notice on their website. DataBreaches received no reply to an email inquiry sent yesterday. As of today, there is still no statement on their site or social media.
In response to our inquiry on Tox, the ALPHV spokesperson told us that they were negotiating with RecordTV, but would only say, “We are negotiating” and would not tell us more.
ES: CENER under cyber attack
Spain’s National Renewable Energy Center (CENER) reportedly suffered a cyber attack on Tuesday. CENER confirmed the attack on October 18 without providing details. They stated that “they were in the process of resolving it.” Read more at Diario de Navarra.
DataBreaches sent an email to CENER yesterday to request an update on the situation but received no reply.
MX: Mexico president backs defense ministry’s refusal to be transparent about major breach
Mexican President Andres Manuel Lopez Obrador is defending Mexico’s defense minister for refusing to appear before legislators to explain a major data breach.
Lopez Obrador asked the opposition to calm down and have some tea, during a regular news conference on Tuesday, describing the criticism as politically motivated.
Read more at Reuters.
BR: Unimed Belem Cooperative attack claimed by RansomExx
Unimed Belem is a medical cooperative in Brazil that has allegedly been hacked by RansomExx. This is the second medically related attack claimed by RansomExx this month. DataBreaches previously reported on one involving Consorci Sanitari Integral in Catalonia.
RansomExx claims to have 5.8 GB of files from Unimed Belem. Unimed Belem has posted a notice on its website that explains what systems are inoperative or impacted and what their authorization procedures will be during this time.
Their notice refers to a cyberattack but does not mention anything about any ransom demand. An email inquiry sent to Unimed Belem yesterday received no reply.
ES: Update on CSIC Cyberattack
DataBreaches previously reported that Consejo Superior de Investigaciones Científicas (CSIC), the Spanish National Research Center, suffered a ransomware attack in July. The attack was later claimed by Vice Society, who leaked the data they exfiltrated.
In an October 20 update, Eloísa del Pino, President of the CSIC, acknowledged that data had been exfiltrated during the attack and leaked on the dark web. She also described security improvements being implemented. “We have put in place all possible measures, five people were left without vacation working night and day,” she stated. On the advice of the police, CSIC did not pay the threat actors. Read more about her statement at EuropaPress.
DataBreaches had contacted the CSIC, the AEPD, and Vice Society in August about this incident but received no replies. The Vice Society leak included personal information on individuals as well as other research center files.
Some additional material and editing by Dissent.