Several Colombian government ministries hampered by ransomware attack

Several key Colombian government ministries are responding to a ransomware attack that is forcing officials to make significant operational changes.

This week, the Ministry of Health and Social Protection, the country’s judiciary and the superintendence of industry and commerce announced that a cyberattack against technology provider IFX Networks Colombia had caused a series of problems limiting the operating capacity of the two departments.

On Wednesday, the Ministry of Health and Welfare said it began facing problems on Tuesday after IFX Networks informed it of problems affecting its data center.

“Due to the cybersecurity incident, it is not possible to access the applications used for our mission and for the provision of services at the national level,” the ministry said.

“These applications are hosted in infrastructure under contract with IFX Networks Colombia. The company is investigating the situation and determining when our services will be restored.

The ministry said it was implementing alternative mechanisms that would allow it to continue serving the health sector and minimize the impact of the attack. The agency sets policy for the country’s healthcare system, promotes various healthcare initiatives, and coordinates citizen care among different industry players.

Thursday evening, the judiciary posted a banner on its website explaining that the site was down and services were unavailable due to the attack on IFX. Due to the attack, the country’s Supreme Court suspended all hearings from September 14 to 20.

In a longer letter posted on social media, officials said their IT team discovered the attack on September 12 and noted that it affected the department’s entire cloud infrastructure. They confirmed that IFX Networks reported a ransomware attack affecting multiple machines.

“According to information provided by the technology provider, it is not possible to restore services immediately,” officials said, noting that someone from IFX was summoned to their offices on Wednesday.

“In light of this information, the judiciary considers it necessary to suspend all of the court’s obligations.”

In an official document signed ThursdayThe court listed services that would be suspended, including most hearings, certifications, accreditations, temporary licenses, sanctions and much more.

Some in-person services and hearings will still take place. If IFX manages to restore its services before September 20, the suspension order will be lifted.

Friday, the court posted a follow-up message warning that the courts are still operating and holding some previously scheduled hearings.

The Superintendence of Industry and Commerce, which manages the institution of consumer rights and competition organizations in the country’s market, published It is own reviews confirming that it was affected by the attack and suspend certain operations until Friday.

Other government agencies told local media issues they faced with technology throughout the week and some citizens took to social media to complain issues affecting ministries. El País reported that the government does not actually know how many entities are affected by the attack on IFX.

Familiar Ransom Note

No ransomware group has publicly taken credit for the incident, but cybersecurity researchers at elHacker.net shared images from the RansomHouse hacking group, indicating that they could be behind the attack on IFX Networks.

The group, which has deployed various strains of ransomware over the past two years, recently attacked Keralty, a Colombian healthcare provider, according to Bleeping Computer. THE ransom note in this attack is almost identical to the one shared by elHacker during the IFX incident.

BetterCyber ​​researchers also told Recorded Future News that while monitoring RansomHouse’s Telegram channel, they saw several people asking about attacks on Colombian government agencies.

An advisor to the country’s president, Saúl Kattan, called the attack the “largest in infrastructure in Colombia in recent years” and criticized the country’s legislature for failing by one vote to approve a new ministry that would focus on cybersecurity.

“This is why the urgent establishment of the National Agency for Cybersecurity and Space Affairs is important,” Kattan said.

Several national governments around the world have been crippled by ransomware attacks over the past two years, including Costa Rica, which was paralyzed. paralyzed after refusing to pay a $20 million ransom to a collective of Russian hackers in April 2022 — The Dominican Republic And more recently Sri Lanka.

Attack comes same week as US National Security Council urged the governments of several countries to pledge to never pay ransomware hackers.

Jonathan Greig

Jonathan Greig is a breaking news reporter at Recorded Future News. Jonathan has worked as a journalist around the world since 2014. Before returning to New York, he worked for media outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.