RansomEXX Ransomware Impacts Ecuador’s Corporación Nacional de Telecomunicaciones CNT
RansomEXX Threat Actors Claim to Have Stolen 190 GB of Data.
The Corporación Nacional de Telecomunicaciones, CNT EP is the public telecommunications company in Ecuador that offers fixed telephony services local, regional and international, Internet Access (Dial-Up, DSL, mobile Internet), satellite television, and mobile telephony in Ecuadorian territory.
The public telecommunications organization has recently disclosed it had its business operations, the payment portal, and customer support service disrupted following a ransomware attack.
Starting last week, the company’s website started showing an alert notifying that they have been the victim of a cyberattack and that customer service and online payment are not currently functional.
Translated into English:
Today, July 16, 2021, the National Telecommunications Corporation, CNT EP, filed a complaint with the State Attorney General’s Office for the crime of “attack on computer systems “so that the preliminary investigation is carried out and the responsible.
This attack affected the care processes in our Integrated Service Centers and Contact Center; In this regard, we indicate to our users that their services will not be suspended for non-payment.
We must inform our clients, massive and corporate, that their data is They are duly protected. We also inform that services such as calls, internet, and television, operate normally.
RansomEXX Ransomware Behind the CNT Attack
According to BleepingComputer, the cyberattack was organized by a ransomware operation known as RansomEXX. However, CNT has not officially declared that they fell victim to a ransomware attack.
Cybersecurity specialist Germán Fernández shared with BleepingComputer a hidden link to the group’s data leak website that notifies CNT that the hacking group would leak data stolen during the attack if CNT did not pay a ransom.
This page is not visible to the public at the moment and can only be accessed via the direct link. These hidden pages are frequently included in ransom messages in order to demonstrate that a ransomware operation stole data during an attack.
Even if the public telecommunications company declared that corporate and customer information are secure and have not been exposed, the RansomEXX hackers claim to have stolen 190 GB of data and shared screenshots of some of the documents on the hidden data leak page.
According to BleepingComputer, the screenshots included contact lists, contracts, and support logs.
More About RansomEXX Ransomware
Some other big organizations impacted by RansomEXX ransomware threat actors are U.S. nuclear weapons contractor Sol Oriens and JBS Foods, the world’s largest meatpacking enterprise, which paid a ransom of $11 million in order to keep their stolen information from being leaked online.
The ransomware operation first started operating under the name Defray in 2018 but became more active in June 2020 when it changed its name to RansomEXX and began to attack big organizations.
Just like other ransomware groups, RansomEXX will damage a network via purchased credentials, brute-forced RDP servers, or by using exploits.
Once the cybercriminals get access to a network, they will silently spread throughout the network while stealing unencrypted files to be used for extortion endeavors.
After gaining access to an administrator password, they deploy the ransomware on the network and encrypt all of its devices.
BleepingComputer has contacted CNT with further questions but has not received a response yet.