Hackers going by the name “Hotarus Corp” claim to have stolen Ecuador’s Ministry of Finance internal data. The group also hacked the country’s largest bank, Banco Pichincha.
In the attack on the Ministerio de Economía y Finanzas de Ecuador, the gang used PHP-based ransomware called Ronggolawe to encrypt the site’s contents.
BleepingComputer reported that they have been in touch with the ransomware gang and the criminals claimed to have stolen “sensitive ministry information, emails, employee information, contracts.”
To prove their point, the hackers published a text file containing 6,632 login names and passwords on a hacker forum.
Targeted Banco Pichincha next
Ecuador’s largest private bank, Banco Pichincha, has confirmed the news about an attack in an official statement and stated that the bad actors hacked the bank’s marketing partner and not the bank’s internal systems.
“We know that there was an unauthorized access to the systems of a provider that provides marketing services for the Pichincha Miles program. In relation to this information leak, and based on an extensive investigation, we have found no evidence of damage or access to the Bank’s systems and, therefore, the security of our clients’ financial resources is not compromised,” the bank wrote in a statement.
The attackers used the compromised website to send phishing emails to customers in an attempt to steal personal details and to perform “illegitimate transactions.”
“We know that, through a fraudulent email, the attacker sends communications on behalf of Banco Pichincha to some clients of said program in order to obtain information necessary to carry out illegitimate transactions.”
Hotarus Corp told BleepingComputer the bank’s statement is not correct. They said the gang used the marketing company’s platform to break into the bank’s systems. They confirmed they stole data and deployed ransomware to encrypt devices. To prove they tell the truth, the hacking group shared images of the stolen data.
Allegedly stolen data from Banco Pichincha
The threat actors have told BleepingComputer that they have already started to sell stolen data.
“Currently only the bank information is for sale, we have already sold about 37 thousand credit cards to a group dedicated to this, the information will be auctioned or sold initially for 250,000,” a representative of Hotarus Corp told BleepingComputer.
This is a developing story.
