Chilean telecom giant GTD hit by the Rorschach ransomware gang

Chile's Grupo GTD warns that a cyberattack has impacted its Infrastructure as a Service platform, disrupting online services. Grupo GTD is a telecommunications company offering services throughout Latin America, with a presence in Chile, Spain, Columbia, and Peru. The company provides various IT services, including internet access, mobile and landline telephone, and data center and IT managed services. On the morning of October 23rd, GTD suffered a cyberattack that impacted numerous services, including its data centers, internet access, and Voice-over-IP. "We understand the importance of proactive and fluid communication in the face of incidents in accordance with what we previously discussed on the phone, I would like to inform you that we are experiencing a partial impact on services as a result of a cybersecurity incident," reads a GTD security incident notification. To prevent the attack's spread, the company disconnected its IaSS platform from the internet, leading to these outages. Today, Chile's Computer Security Incident Response Team confirmed that GTD suffered a ransomware attack. "The Computer Security Incident Response Team of the Ministry of the Interior and Public Security was notified by the company GTD about a ransomware that affected part of its IaaS platforms during the morning of Monday, October 23," reads a machine-translated statement on the CSIRT website. "As a consequence, some public services in our country have presented unavailability on their websites." The CSIRT is requiring all public institutions who are utilizing GTD's IaaS services to notify the government under decree No. 273, which requires all State agencies to report when a cybersecurity incident may impact them. While CSIRT has not disclosed the name of the ransomware operation behind the attack on GTD, BleepingComputer has learned that it involved the Rorschach ransomware variant previously seen used in an attack on a US company. Rorschach ransomware is a relatively new encryptor seen by Check Point Research in April 2023. While the researchers could not link the encryptor to a particular ransomware gang, they warned that it was both sophisticated and very fast, able to encrypt a device in 4 minutes and 30 seconds. In a report on the GTD attack seen by BleepingComputer, the threat actors are utilizing DLL sideloading vulnerabilities in legitimate Trend Micro, BitDefender, and Cortex XDR executables to load a malicious DLL. This DLL is the Rorschach injector, which will inject a ransomware payload called "Config[.]ini" into a Notepad process. Once loaded, ransomware will begin encrypting files on the device. CSIRT has shared the following IOCs related to the attack on GTD below, with u.exe and d.exe being legitimate TrendMicro and BitDefender executables used in the attack and the DLLs containing the malware. Earlier this year, the Chilean military suffered a Rhysida ransomware attack, where BleepingComputer was told that the threat actors released 360,000 documents stolen from the government. BleepingComputer reached out to Grupo GTD with further questions about the attack this morning but did not receive a response. Ransomware isn't going away - the problem is only getting worse. Meet LostTrust ransomware - A likely rebrand of the MetaEncryptor gang. Building automation giant Johnson Controls hit by ransomware attack.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Chilean telecom giant GTD hit by the Rorschach ransomware gang

Chilean telecom giant GTD hit by the Rorschach ransomware gang - Chile's Grupo GTD warns that a cyberattack has impacted its Infrastructure as a Service platform, disrupting online services. Grupo GTD is a telecommunications company offering services throughout Latin America, with a presence in Chile, Spain, ...
1 year ago Bleepingcomputer.com
Toronto Public Library outages caused by Black Basta ransomware attack - The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. The Toronto Public Library is Canada's largest public library system, giving access to 12 million books through 100 branch libraries across ...
1 year ago Bleepingcomputer.com
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
11 months ago Bleepingcomputer.com
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
10 months ago Bleepingcomputer.com
HackersEra Launches Telecom Penetration Testing to Eliminate Cyber Threats - Cybercriminals have attacked telecom infrastructure, particularly as it shifts to an IP-based design with the introduction of Long-Term Evolution networks, also referred to as LTE or 4G. Persistent attackers could spy on users' cellular networks and ...
11 months ago Cysecurity.news
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
10 months ago Securityboulevard.com
Toronto Public Library services down following weekend cyberattack - The Toronto Public Library is warning that many of its online services are offline after suffering a cyberattack over the weekend, on Saturday, October 28. TPL is Canada's largest public library system, giving people access to 12 million books ...
1 year ago Bleepingcomputer.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
8 months ago Bleepingcomputer.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
11 months ago Feeds.fortinet.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
10 months ago Unit42.paloaltonetworks.com
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
1 year ago Bleepingcomputer.com
The Week in Ransomware - Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organization to respond to cyberattacks. While many, like LockBit, claim to have policies in place to avoid encryping hospitals, we continue to ...
10 months ago Bleepingcomputer.com
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
11 months ago Helpnetsecurity.com
ALPHV ransomware site outage rumored to be caused by law enforcement - A law enforcement operation is rumored to be behind an outage affecting ALPHV ransomware gang's websites over the last 30 hours. The ALPHV negotiation and data leak sites suddenly became unavailable yesterday and continue to remain down today. ...
11 months ago Bleepingcomputer.com
How ransomware gangs are engaging - As ransomware gangs continue to market themselves as legitimate businesses complete with customer service representatives, new research from Sophos showed that threat actors are expanding public relations efforts to further pressure victims into ...
11 months ago Techtarget.com
The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
11 months ago Bleepingcomputer.com
The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
6 months ago Bleepingcomputer.com
Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
9 months ago Malwarebytes.com
Researchers link 3AM ransomware to Conti, Royal cybercrime gangs - Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang. The 3AM ransomware gang's activity was first ...
10 months ago Bleepingcomputer.com
Dozens of countries will pledge to stop paying ransomware gangs - An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups. Addressing reporters on Monday, Anne Neuberger, ...
1 year ago Bleepingcomputer.com
VX-Underground malware collective framed by Phobos ransomware - A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor. Phobos launched in 2018 in what is believed to be a ransomware-as-a-service derived from the ...
1 year ago Bleepingcomputer.com
Declining Ransomware Payments: Shift in Hacker Tactics? - Several cybersecurity advisories and agencies recommend not caving into ransomware gangs' demands and paying their ransoms. It seems the tide is turning, with a decline in ransomware payments; this article explores the trend and what it might mean ...
9 months ago Securityboulevard.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
8 months ago Feeds.fortinet.com
Ransomware review: January 2024 - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. In February, there were 376 ransomware victims, marking an unusually active month for the historically subdued time period. February didn't ...
8 months ago Malwarebytes.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)