Ecuador’s military denies ransomware attack after website goes offline

Military officials in Ecuador denied reports that a ransomware group launched an attack on their systems and stole confidential data.

On Saturday, the Joint Command of the Armed Forces of Ecuador released a statement on Twitter addressing rumors that emerged when the BlackCat ransomware group added the organization to its leak site on October 26. 

The country’s Cyber Defense Command conducted an investigation after the ransomware rumors began and “determined that the digital systems and website of the Joint Command of the Armed Forces have not been compromised at any level.”

“These systems are currently in a process of preventive maintenance as a safety measure,” the statement said, adding that systems would be restored once “technical work” is completed.

Central and South American governments and militaries have squared off against dozens of ransomware groups over the past year.

While the Conti ransomware group garnered the biggest headlines for their crippling attack on the entire government of Costa Rica, several other groups have targeted legislatures, government agencies, regulators and businesses across the region. 

The legislature of Argentina’s capital city announced a ransomware attack on September 13 and Argentina’s Judiciary of Córdoba was attacked by a ransomware group in August. Two weeks before that, Chile’s cybersecurity incident response team said an unnamed government agency was dealing with a ransomware attack that targeted the organization’s Microsoft tools and VMware ESXi servers.

The Dominican Republic, meanwhile, announced that it was refusing to pay a ransom following an attack on one of its departments on August 26.

Ransomware groups similarly targeted the Secretary of State for Finance of Rio de Janeiro in April and crippled the government of Costa Rica in May. There have also been several other rumored attacks on South American nations that were never confirmed.

BlackCat has joined LockBit as the most prolific ransomware group in recent months, with major attacks on airline suppliers, Italian energy providers, Japanese video game giant Bandai Namco and more. 

According to several experts, AlphV/Black Cat is a rebrand of the prolific BlackMatter ransomware group, which itself was allegedly a rebrand of the DarkSide ransomware – a gang accused of launching the headline-grabbing attack on Colonial Pipeline. 

A representative of the group spoke to The Record in February, claiming that most of the major ransomware groups are connected in one way or another. 

“Let’s just say: ‘We [have] borrowed their advantages and eliminated their disadvantages,’” the representative said, referring to Alphv’s relationship with other incarnations of the gang.

An FBI alert released in April said the law enforcement organization had tracked at least 60 ransomware attacks by the AlphV/Black Cat group as of March.