The Chilean government has become the latest to reveal its systems were breached by ransomware actors, taking services offline.
The government’s Computer Security Incident Response Team (CSIRT) explained in a notice that the incident occurred on August 25 and impacted an unnamed government service.
It’s unclear from the alert how successful the attackers were, but the CSIRT explains that they targeted the agency’s Microsoft and VMware ESXi servers. The ransomware “has the ability” to encrypt these servers and rename all files with the “.crypt” suffix, it said.
“Subsequently, the attacker takes complete control of the victim's system and leaves a ransom message reporting the amount of hijacked data, offering a communication channel and a specific ID to contact them,” the note continued.
“The attacker gives a period of three days to communicate, otherwise he threatens to prevent the data from being accessible to the organization and put these assets up for sale to third parties on the dark web.”
It’s unclear which ransomware variant struck the agency, but it’s also designed to steal credentials from browsers, evade AV detection and encrypt removable devices, the CSIRT said.
The news comes as the government of Montenegro confirmed yesterday that it too was hit by criminal ransomware.
The tiny Balkan country had claimed that the Russian state was behind an attack on its systems, which has taken many government and critical infrastructure services offline for over 10 days.
That led NATO allies including the US to send urgent incident response and remediation support.
However, reports now suggest that the Cuba ransomware variant is the cause of the outage, with a $10m ransom demanded.
The latest breaches are a reminder of the threats posed by ransomware, whether wielded by hostile states or financially motivated cybercrime groups, most of which are shielded by Russia.
The incidents call to mind a serious Conti ransomware attack on Costa Rica earlier this year which took key services offline for weeks.