BR: Instituto Federal Do Pará Attack Claimed By BlackCat
The Instituto Federal Do Pará (IFPA) is a public education institution in Brazil. On January 21, it was added to the leaks site of the AlphV (BlackCat) group with a message saying, “The guys decided to ignore our ransom demands, so the data of their employees and students will be published and put up for sale”.
BlackCat’s proofpack consists of screenshots from a directory of folders but without any contents or files. Some of the folder names appear to be individuals’ names.
An email to IFPA asking them to confirm or deny BlackCat’s claims went unanswered and we found no notice on their website or social media group.
When BlackCat was asked on their Tox account as to whether they had sent any ransom demand, the spokesperson on their Admin account answered, “I don’t know.”
CO: Audifarma able to fulfill pharmacy prescriptions despite cyberattack
Audifarma, a Colombian pharmacy chain, announced on January 23 that it had been the victim of a cyber attack on January 22. In response, they disabled certain servers. The company’s statement informed patients and customers (machine translation):
We are experiencing problems with our technological infrastructure so these services will be temporarily unavailable:
Audifarma.com.co, audifarma App, Turno virtual. To claim your medicines you can visit our pharmacies during the usual opening hours.
An update on January 24 indicated that the firm was still working to address the incident.
DataBreaches sent an email inquiry to Audifarma on January 23 asking if this was a ransomware incident, but received no reply. As of publication, their main web site still times out on attempts to connect.
No ransomware group has publicly claimed responsibility for the attack as of publication.
CR: Recovery continues after cyberattack on the Ministry of Public Works and Transportation
In the January 20 edition of Trozos y Piezas, we reported a ransomware incident involving Costa Rica’s Ministry of Public Works and Transportation (MOPT).
On January 24, the government issued an update indicating that services involving the Road Safety Council and National Insurance Institute that were necessary for car owners to get necessary documentation had been restored.
There has been no further update since then. And no ransomware group has as yet publicly claimed responsibility for the attack.
Editing by Dissent.