Guatemala's Foreign Ministry investigating ransomware attack

Guatemala’s Foreign Ministry said it is investigating a ransomware attack that happened earlier this year. 

The Ministry of Foreign Affairs shared the Law on Access to Public Information with The Record and said that, because of the law, it was unable to comment on the cyberattack.

“The Ministry is not in a position to respond to your request, since it is in the investigation phase,” a spokesperson said.

The Foreign Ministry was added to the leak site of the Onyx ransomware group on September 27 and was added again on November 21. 

The ransomware group emerged in April, and by May researchers from BlackBerry discovered it was constructed from the Chaos v4.0 Ransomware Builder. The ransomware made waves because it simply destroyed larger files instead of encrypting them, making them impossible to recover even when a ransom is paid.

“This particular threat group would infiltrate a victim organization’s network, steal any valuable data it found, then would unleash ‘Onyx ransomware,’ their own branded creation based on Chaos Builder v4.0,” the researchers said.

“The Onyx group simply customized their ransom note and created a refined list of file extensions they wished to target. There is little other modification to differentiate it from any other samples built with Chaos v4.0.”

Last month, Dragos cybersecurity researchers noted that Onyx was one of the groups targeting critical infrastructure operators.

https://twitter.com/malwrhunterteam/status/1517150915475779584

Latin American governments and militaries have squared off against dozens of ransomware groups over the past year.

While the Conti ransomware group garnered the biggest headlines for their crippling attack on the entire government of Costa Rica, several other groups have targeted legislatures, government agencies, regulators and businesses across the region. 

The legislature of Argentina’s capital city announced a ransomware attack on September 13 and Argentina’s Judiciary of Córdoba was attacked by a ransomware group in August. Two weeks before that, Chile’s cybersecurity incident response team said an unnamed government agency was dealing with a ransomware attack that targeted the organization’s Microsoft tools and VMware ESXi servers.

The Dominican Republic, meanwhile, announced that it was refusing to pay a ransom following an attack on one of its departments on August 26.

Ransomware groups similarly targeted the Secretary of State for Finance of Rio de Janeiro in April and crippled the government of Costa Rica in May. There have also been several other rumored attacks on South American nations that were never confirmed.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.