The Paraguay military is warning of Black Hunt ransomware attacks after Tigo Business suffered a cyberattack last week impacting cloud and hosting services in the company's business division.
Tigo is the largest mobile carrier in Paraguay, with its Tigo Business division offering digital solutions to the enterprise, including cybersecurity consulting, cloud and data center hosting, and wide area network solutions.
Over the weekend, local media reported that companies had been dealing with outages on websites hosted at Tigo Business since Thursday.
While it was suspected that Tigo had suffered a cyberattack, the company did not officially confirm the attack until the weekend, when it released a statement.
The statement goes on to say that much of the news reported online is inaccurate and that the attack did not affect internet, telephone services, and Tigo Money electronic wallets.
While Tigo did not provide any details regarding the cyberattack, numerous reports on social media indicate that they suffered an attack by the Black Hunt ransomware operation.
These reports stated that over 330 servers were encrypted, and backups were compromised during the attack.
The next day, Paraguay's General Directorate of Information and Communication Technologies of the Armed Forces of Paraguay issued an alert warning companies in the country of Black Hunt ransomware attacks.
The Black Hunt ransomware operation launched at the end of 2022 when cybersecurity researchers began reporting attacks.
From numerous victims seen by BleepingComputer, the threat actors commonly attack companies in South America.
Like other ransomware operations, the threat actors breach corporate networks and silently spread laterally to other devices until they gain enough access to deploy the encryptors on the network.
In addition to the above, Black Hunt makes a large number of changes to Windows, including disabling Microsoft Defender, adding new users, disabling System Restore, and disabling Task Manager and the Run command.
While all Windows devices should be restored after a malware infection, those infected with Black Hunt will be fairly unusable until Windows is reinstalled.
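The Windows changes listed above lend themselves to a combined detection: any one of them can be legitimate administration, but several on the same host is a strong triage signal. The following Python is an added example, not taken from the original article or from any published Black Hunt analysis. It assumes Sysmon registry value-set events (Event ID 13) and Security account-creation events (Event ID 4720) already parsed into dicts with the hypothetical field names `host`, `id`, `target` and `details`; the registry value names are the standard Windows policy settings for these features, since the article does not say which values Black Hunt writes.

```python
import re
from collections import defaultdict

# Standard Windows policy values for the features the article names. Assumption:
# the article does not say which values Black Hunt writes.
RULES = {
    r"\windows defender\disableantispyware": "defender_disabled",
    r"\real-time protection\disablerealtimemonitoring": "defender_disabled",
    r"\windows nt\systemrestore\disablesr": "system_restore_disabled",
    r"\currentversion\policies\system\disabletaskmgr": "task_manager_disabled",
    r"\currentversion\policies\explorer\norun": "run_command_disabled",
}
DWORD = re.compile(r"DWORD \(0x([0-9a-fA-F]{8})\)")

def classify(event):
    """Map one event to a tamper category, or None if it is not relevant."""
    if event["id"] == 4720:                 # Security log: user account created
        return "user_added"
    if event["id"] != 13:                   # Sysmon: registry value set
        return None
    m = DWORD.fullmatch(event.get("details", ""))
    if not m or int(m.group(1), 16) != 1:   # only "set to 1" disables the feature
        return None
    target = event.get("target", "").lower()
    return next((c for s, c in RULES.items() if target.endswith(s)), None)

def hosts_to_triage(events, threshold=3):
    """Return hosts showing at least `threshold` distinct tamper categories."""
    seen = defaultdict(set)
    for ev in events:
        category = classify(ev)
        if category:
            seen[ev["host"]].add(category)
    return {h: sorted(c) for h, c in seen.items() if len(c) >= threshold}

# Constructed sample events (hypothetical field names: host, id, target, details).
HKLM, HKU = r"HKLM\SOFTWARE", r"HKU\S-1-5-21-0-0-0-1001\Software"
ON, OFF = "DWORD (0x00000001)", "DWORD (0x00000000)"
SAMPLE_EVENTS = [
    {"host": "SRV-01", "id": 13, "details": ON, "target": HKLM + r"\Policies\Microsoft\Windows Defender\DisableAntiSpyware"},
    {"host": "SRV-01", "id": 13, "details": ON, "target": HKLM + r"\Policies\Microsoft\Windows NT\SystemRestore\DisableSR"},
    {"host": "SRV-01", "id": 13, "details": ON, "target": HKU + r"\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"},
    {"host": "SRV-01", "id": 13, "details": ON, "target": HKU + r"\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun"},
    {"host": "SRV-01", "id": 4720, "user": "svc-constructed"},
    {"host": "WS-07", "id": 13, "details": ON, "target": HKU + r"\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"},
    {"host": "WS-09", "id": 13, "details": OFF, "target": HKLM + r"\Policies\Microsoft\Windows NT\SystemRestore\DisableSR"},
]

if __name__ == "__main__":
    for host, categories in hosts_to_triage(SAMPLE_EVENTS).items():
        print(host, categories)
```

The threshold of three categories is an assumption to tune per environment, since a single policy value such as `DisableTaskMgr` is often set deliberately by administrators.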
Txt, which contain information about the attack and email addresses that can be used to contact the threat actors.
While the ransom notes claim that the hackers steal data during attacks, there have not been any known instances of the ransomware operation leaking stolen data.
As the threat actors had full access to encrypted devices, it is safer to assume that the data was exposed during attacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 09 Jan 2024 16:30:29 +0000