Rhysida ransomware gang claims attacks on governments of Portugal and Dominican Republic


A notorious ransomware group this week claimed responsibility for attacks on two government institutions, both of which confirmed they were facing a range of problems due to the incidents.

The town of Gondomar – a suburb located about 20 minutes from the Portuguese city of Porto – said on September 27, it was the target of a cyberattack that forced officials to take systems offline and contact the country’s National Cybersecurity Center, the National Data Protection Commission and local law enforcement .

The government said some municipal services would be disrupted while experts worked to resolve the situation. On Monday, those responsible clarified that all online services offered by the government would be out of service for the week, but that residents could come in person to pay bills, obtain permits and take other actions.

“Municipal facilities remain open during normal public service hours. There may, however, be constraints resulting from problems accessing IT systems,” they said.

By Friday, the municipality reported that its email systems were still down, making it difficult to contact local residents. They again urged residents to visit their offices in person for any needs.

They did not respond to requests for comment on when services would return to normal or whether resident data had been stolen.

The Rhysida ransomware gang claims be behind the attack on Thursday evening, according to cybersecurity expert Dominic Alvieri. They shared samples of passports and other financial documents allegedly stolen from the municipality on their leak site.

The gang recently made headlines in the United States for its devastating attack on Prospect Medical Holdings – which operates 16 hospitals in several states and was forced to reroute ambulances following the incident. The gang had already attacked a hospital also in Portugal.

The ransomware gang has continued to target governments around the world, with attacks against Kuwait, Chile and the Caribbean island of Martinique These last months.

In addition to the attack on Gondomar, the group announced another attack on the Dominican Republic’s Migration Agency, which manages the country’s immigration system.

The agency confirmed the incident Wednesday, releasing a statement saying hackers had stolen data.

“These situations, which have multiplied globally and are increasingly common in state institutions and are carried out by international cybercriminal groups, lead us to work diligently with the authorities to determine the extent of the escape and to make a firm commitment to act. to mitigate the impact and protect the privacy of those affected,” said a spokesperson for the Dirección General de Migración.

Officials said they first detected unusual activity on September 14 before notifying the country’s National Cybersecurity Center.

The data breach involved names, addresses and dates of birth, but the agency said its systems were not encrypted during the attack.

“Since the detection, we have collaborated with the National Cyber ​​Security Center to implement corrective measures, strengthen controls and monitor possible anomalous activities,” they said.

Actors Rhysida job the organization at its leak site on Wednesday, giving the country seven days to pay a ransom. He sells the information for 25 BTC, worth around $700,000.

The group – named after centipedes – first emerged late May 2023 and little is known about their operations.

Get more information with the

Future saved

Intelligence cloud.

Learn more.

No previous articles

No new articles

Jonathan Greig

Jonathan Greig is a breaking news reporter at Recorded Future News. Jonathan has worked as a journalist around the world since 2014. Before returning to New York, he worked for media outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

Leave a comment