CO: The Red de Salud del Norte Joaquín Paz Borrero Hospital hit with ransomware
The Cali District Government has implemented its contingency plan due to a computer attack on Joaquín Paz Borrero Hospital. The hospital is part of the Northern Health Network.
“They encrypt the information on server number 4 with passwords and leave us a message asking for a ransom for the information. They don’t talk about an amount, they talk about making contact with them in 72 hours, otherwise it will be more and more expensive to rescue this information”, explained Angie Gutiérrez, manager of ESE Norte.
The government has not yet revealed what type of ransomware is involved or whether they made contact with the threat actors.
DO: Attack on Empresa Distribuidora Del Este Claimed by BlackCat
The Empresa Distribuidora Del Este (“EdeEste”), an electricity distribution firm, has been named on BlackCat’s leak site. The group claims to have 420 GB of information from the company that can be viewed at an onion link, but that URL is not online.
EdeEste’s website is currently down and there is no announcement of any cyberattack on their social media. They have not replied to an email inquiry sent to them asking about the claimed attack.
CL: FONASA Says it has Overcome a Malware Incident
Chile’s National Health Fund (FONASA) is in charge of collecting, administering, and distributing state funds destined to health care in Chile. One of its functions is to finance the health benefits of its beneficiaries. FONASA has revealed that on February 17, it suffered a computer attack causing some minor interruptions and delays at its branches. Service at branches has since been restored. The interruptions were due to a malicious computer program that required them to isolate infected network devices.
FONASA does not say this was a ransomware attack.
This incident was reported to CSIRT (Chilean Government Information Security Incident Response Team). A Security Alert on CSIRT’s site mentions two threats in Chile, one of which is the BlackCat Threat Group. The alert does not name any victims, but when DataBreaches asked BlackCat on Tox if they had attacked any Chilean entity, they answered, “No.”
Since BlackCat is Ransomware-as-a-Service (RaaS), perhaps the spokesperson does not know every victim or what country they are in. Or perhaps FONASA was not a victim of BlackCat. DataBreaches has sent FONASA an inquiry as to whether this was a ransomware incident and if it involved BlackCat. This post will be updated if a reply is received.
BR: Âncora Sistemas de Fixação Leaked By Royal
Ancora, a company specializing in the manufacture and marketing of fasteners for civil construction, has been added to the Royal gang’s leak site. All of the data allegedly stolen from them (88 GB) was also uploaded to the site at the same time.
As we have not seen any notification of this incident on their website or social networks, DataBreaches sent Ancora an email on February 20, asking if they have been attacked by Royal and if they are aware that their data has already been dumped on Royal’s website. There has been no reply.
AR: La Segunda Seguros Named By LockBit
La Segunda Seguros insurance company has been named by LockBit on its leaks site with some samples as proof of claims. The firm offers various types of insurance products, and some of the data may be personal information, such as a file with a medical opinion and information on a work-related injury.
There is no notification of any data breach on its website or on its social networks. They did not reply to DataBreaches’ inquiry of February 21.
Editing by Dissent