Ecuador’s Corporación Nacional de Telecomunicación (CNT) reported an attack that crippled its payment portal and disrupted business operations.
This week, the CNT website went offline after suffering an attack. The company also informed customers that online payment was no longer accessible.
CNT filed a complaint with the Attorney General’s Office on July 16, 2021, regarding an attack on its computer systems “so that the preliminary investigation is carried out and the responsible.”
Due to the attack, some of the company’s processes were affected, but it assures users that their services will be suspended for non-payment.
Calling, internet, and television services haven’t been affected, the company said.
“We must inform our clients, massive and corporate, that their data is duly protected. We also inform that services such as calls, internet and television, operate normally.”
According to BleepingComputer, the attack was conducted by a ransomware gang known as RansomEXX. Security researcher Germán Fernández shared with BleepingComputer a link to a website where the attackers warn CNT that they would leak data if it refused to pay a ransom.
“Your time is LIMITED! When this time will come to end, there are two ways: we will RAISE the ransom amount or PUBLISH your files. You will lose the opportunity to contact us after the data PUBLICATION. If you REALLY WANT to prevent data leak, contact us RIGHT NOW. We have downloaded 190GB+ of your files and we are ready to publish it,” RansomEXX wrote on the website that is hidden from the public and can be accessed only with the direct link.
In a press statement, CNT stated that its customers’ and corporate data are secure.
However, RansomEXX claimed to have stolen over 190 GB of data and shared some screenshots. This gang has been responsible for various high-profile attacks, such as those on Brazil’s government networks, Konica Minolta, IPG Photonics, Texas Department of Transportation (TxDOT), and Tyler Technologies.
Like other ransomware gangs, RansomEXX uses purchased credentials or exploits to compromise a network.
After gaining administrator access, the attackers deploy their ransomware, encrypt all the devices, and later demand a ransom.