Bits ‘n Pieces (Trozos y Piezas)
UY: Ministry of Transport and Public Works victim of ransomware attack
Uruguay’s Ministry of Transport and Public Works (MTOP) was hit by a ransomware attack on October 17. On November 9, MTOP reported that it was back to normal after the ransomware attack, adding that it had recovered critical information and restored the affected services.
Weeks later, the threat group called “PLAY” claimed responsibility for the attack. PLAY claims to have 80 GB of the ministry’s files. As proof, they have released 5 GB of information.
DataBreaches contacted MTOP via Facebook chat on November 28, seeking any update and clarification as to whether they had negotiated with PLAY at all. No reply was received, but on November 30, MTOP issued a new statement. In that statement, they deny any communications with the attackers and estimate that the information stolen by the attackers is 0.03% of the information available to the ministry.
The ministry says they are still investigating in order to incorporate new security measures.
CO: Keralty Group attacked by RansomHouse
Keralty Group is the owner of EPS Sanitas, Colsanitas and Medisanitas, which offer health services and benefits to affiliates. Keralty has confirmed that it suffered a cyber attack. In a November 29 statement posted on Facebook, they reported that a criminal investigation has been initiated and a contingency plan has been implemented to maintain services.
On November 30, Camilo Andres Garci (aka @hyperconnected on Twitter) claimed that all the clues he had gathered pointed to the threat group called “RansomHouse.” His attribution was supported by a copy of a ransom note posted by another Twitter user (@xfalexx) and by RansomHouse’s statement to BleepingComputer claiming responsibility for the November 27 attack. They also claimed to have acquired 3 TB of files.
Although RansomHouse claimed responsibility, the Keralty incident did not appear on their dedicated leak site as of publication.
In a November 30 incident update on its Facebook page, Keralty informed affiliates about the situation and how to contact the company. DataBreaches.net sent questions to Keralty Group via Facebook chat on December 1. No reply had been received by publication.
AR: Argentina de Soluciones Satelitales discloses a cyber attack
On November 30, Argentina de Soluciones Satelitales (ARSAT) suffered a cyberattack. The telecommunications service provider announced the attack on its Twitter account:
En el día de hoy sufrimos una caída en el área de sistemas corporativos que afectó sólo a los sistemas internos de la empresa. En este momento nos encontramos aplicando procedimientos de prevención.
— ARSAT (@ARSATSA) November 30, 2022
El incidente no afectó ningún servicio ni los datos de nuestros clientes. ARSAT garantiza la conectividad, el tratamiento y resguardo de los mismos.
— ARSAT (@ARSATSA) November 30, 2022
Machine translation of tweets:
“Today we suffered a crash in the corporate systems area that affected only the company’s internal systems. We are currently implementing prevention procedures.
The incident did not affect any service or our customers’ data. ARSAT guarantees the connectivity, processing and safeguarding of such data.”
High sources told this media that the attack was registered at 9 p.m. on Tuesday and that the alarms sounded at 5 a.m. this Wednesday morning. In addition, they detected that the hackers tried to enter through the corporate system, which belongs to the administration, and not through the satellite systems.
As of publication, there has been no report as to who might be responsible for the attack or if there has been any ransom demand.
BR: Plascar Participações Industriais reportedly attacked by Vice Society
On November 30, the Vice Society ransomware group added Plascar Participações Industriais S.A. (Plascar) to their dedicated leak site. The threat actors claim to have 650 GB of information about the company, which they have leaked.
There is no notice of any breach on Plascar’s website or on their social media accounts. Neither Plascar nor Vice has responded to emails sent to them on November 30.
Edited by Dissent.