Several Colombian government ministries hampered by ransomware attack

Multiple prominent government ministries in Colombia are responding to a ransomware attack that is forcing officials to make significant operational changes.

This week, the Ministry of Health and Social Protection, the country’s Judiciary Branch and the Superintendency of Industry and Commerce announced that a cyberattack on technology provider IFX Networks Colombia had caused a range of problems limiting the ability of both departments to function.

On Wednesday, the Ministry of Health and Social Protection said it began facing issues on Tuesday after IFX Networks told them of problems affecting their data center.

“Due to the cybersecurity incident, it is not possible to access applications used for our mission and for the provision of services at the national level,” the ministry said.

“These applications are hosted in infrastructure contracted with IFX Networks Colombia. The company is investigating the situation and determining when our services will be reestablished.”

The ministry said it is in the process of implementing alternative mechanisms that will allow it to continue serving the health sector and minimize the impact of the attack. The agency sets policy for the country’s health system, promotes various health initiatives and coordinates citizen care between various industry stakeholders.

On Thursday evening, the Judicial Branch posted a banner on its website explaining that the site was down and that services were unavailable because of the attack on IFX. Due to the attack, the country’s Supreme Court was suspending all hearings from September 14-20.

In a longer letter posted to social media, officials said their IT team discovered the attack on September 12 and noted that it affected the entire department’s cloud infrastructure. They confirmed that IFX Networks reported a ransomware attack affecting several machines.

“According to information provided by the technology provider, it is not possible to restore services immediately,” officials said, noting that someone from IFX was summoned to their offices on Wednesday.

“In light of this information, the judiciary considers it necessary to suspend all of the court’s obligations.”

In an official document signed on Thursday, the court listed out the services that would be suspended, including most court hearings, certifications, accreditations, temporary licenses, sanctions and more.

Some in-person services and hearings will still be held. If IFX is able to restore services before September 20, the suspension order will be lifted.

On Friday, the court released a followup message warning that courts are still functioning and conducting some previously-scheduled hearings.

The Superintendency of Industry and Commerce — which manages the country’s consumer rights institution and market competition organizations — published its own notices confirming it was affected by the attack and suspending some operations through Friday.

Other government agencies told local news outlets of issues they faced with technology throughout the week and some citizens have turned to social media to complain of issues dealing with departments. El Pais reported that the government does not actually know how many entities are affected by the attack on IFX.

Familiar ransom note

No ransomware gang has publicly taken credit for the incident but cybersecurity researchers with elHacker.net shared images from the RansomHouse hacking group indicating they may be behind the attack on IFX Networks.

The group, which has deployed a range of ransomware strains over the last two years, recently attacked Colombian healthcare provider Keralty, according to Bleeping Computer. The ransom note in that attack is nearly identical to the one shared by elHacker in the IFX incident.

Researchers at BetterCyber also told Recorded Future News that while monitoring RansomHouse’s Telegram channel, they have seen several people inquire about the attacks against Colombian government agencies.

An adviser for the country’s president, Saúl Kattan, called the attack the “largest on infrastructure in Colombia in recent years” and criticized the country’s legislature for failing by one vote to approve a new ministry that would focus on cybersecurity.

“That is why the urgent creation of the National Agency for Cybersecurity and Space Affairs is important,” Kattan said.

Multiple national governments across the globe have been crippled by ransomware attacks over the last two years, including Costa Rica — which was paralyzed after it refused to pay a $20 million ransom to a Russian hacking collective in April 2022 — the Dominican Republic and most recently Sri Lanka.

The attack comes the same week as the U.S. National Security Council urged the governments of multiple countries to pledge never to pay ransomware hackers.