The Cyber Security Incident Response Team (CSIRT) has revealed that a Chile’s government agency has suffered a ransomware attack which has impacted it’s several operations and online services.
The cyber attackers targeted the Microsoft and VMware ESXi servers on August 25, which were operated by the agency. Accordingly, the hackers ceased all the working virtual machines and encoded their files, including the “.crypt” filename extension.
According to CSIRT, the malware used in this attack had functions of stealing informations from web browsers. Also, the malware has a capability to evade through the antivirus detection using execution timeouts.
After stealing data, the attacker gave a 3 day deadline and threatened to sell the data of the agency to other cybercriminals on the dark web, online. Accordingly, the attackers offered Chile’s CSIRT a communication channel to negotiate the ransom payment with them. After paying, the attackers stated that they would prevent leaking the data and will unlock the encrypted data.
