A cyber attack on a third-party provider for the Colombian government has seen over 50 Colombian state agencies and private organisations affected. A total of 762 organisations in Colombia, Chile and Argentina have been affected.
While not directly named by the Colombian government or its President, Gustavo Petro, the provider is believed to be IFX Networks, an internet service provider that last week announced that it had suffered a ransomware attack.
The attack resulted in threat actors blocking access to data, including one database that contained over 50 million records belonging to the Ministry of Health.
Presidential technology adviser Saul Kattan said this could result in a health crisis within Colombia as critical medical information became unavailable.
Speaking with Reuters, Petro said that the massive impact of the attack is proof that the US-based internet provider didn’t have the right “cyber security measures” implemented, which put its clients at risk and breached contracts.
As a result, the Colombian government is now seeking legal action, with the country’s Minister for Information, Technology and Communications Mauricio Lizcano taking to social media to announce the administrative action.
“We are coordinating ... a civil lawsuit and possibly a criminal case (against the company),” Lizcano said on X (formerly Twitter).
In a later post, Lizcano said that a total of 762 organisations were affected across Colombia, Chile and Argentina and that the country has “installed the Cyber Unified Command Post (PMU Cyber) to understand the damage and solve the problems [and] effects generated by the incident”.
In response to the cyber attack on IFX Networks, throughout the day the Dirección de Transformación Digital de la Presidencia de la República @kattansaul and the @Ministerio_TIC set up the Cyber Unified Command Post (PMU Ciber) to understand the damage and solve the… pic.twitter.com/N2Ve0yNAzD
— Mauricio Lizcano (@MauricioLizcano) September 14, 2023
IFX Networks issued a statement regarding the incident on the day it occurred, 12 September, confirming that at 5am that morning, “the cloud of the multinational provider for telecommunications services, IFX Networks, with operations in 17 countries in the region, suffered an external cyber security attack of the ransomware type, affecting some of its virtual machines”.
“Thanks to the swift detection and action of our team, we were able to limit the potential reach of the attack and considerably contain the number of affected systems,” it added.
While there is currently no conclusive evidence to name the threat actor behind the attack, the incident is believed to be related to the RansomHouse ransomware group.
According to reports by BleepingComputer, the group first appeared in May, claiming to not use any ransomware but instead focusing on alleged vulnerabilities to breach networks and steal data.
The group also does not claim responsibility for its actions, instead blaming companies for improper network security and charging a “ridiculously small” bug bounty reward.
“We believe that the culprits are not the ones who found the vulnerability or carried out the hack, but those who did not take proper care of security,” the group wrote on its “about us” page.
“The culprits are those who did not put a lock on the door leaving it wide open inviting everyone in.”