Chilean Court system suffers a ransomware attack

September 29, 2022 |

The Chilean judicial system has suffered a ransomware attack requiring it to take 150 computers off line to stop the spread of a virus as reported in Chilean Court System Hit With Ransomware Attack.  The trojan program entered the system via a phishing email.  A typical entreport for ransomware software.

It provides:

The Chilean judicial system yanked 150 computers offline to stop the spread of a virus that maliciously encrypts files even as authorities stressed that court proceedings were mostly unaffected.

The event is the latest cyber disruption affecting the South American country. The nation’s consumer protection agency was hit by a ransomware attack that started on Aug. 25 (see: Chile Consumer Protection Agency Hit by Ransomware Attack) and just days ago, hundreds of thousands of emails hacked from the military’s Joint Chiefs of Staff were published online.

The judicial system on Monday attributed the spread of the Cryptolocker Trojan inside its network to a phishing email opened on Sunday night. It affected computers operating Windows 7 and loaded with McAfee antivirus, reaching just 1% of court system computers, said court administration official Zvonimir Koporcic. “We are changing the antivirus,” he said.

No data was stolen, Supreme Court spokeswoman Ángela Vivanco told reporters Tuesday during a press conference where she characterized the incident as “not a huge attack.” She said authorities have no idea about the threat actor behind the Trojan.

Chilean news channel Meganoticias reported that judges in two chambers of the Supreme Court resorted to using their smartphones rather than court system computers.

Despite Microsoft’s standing recommendation that users upgrade whenever it rolls out a new operating system, Windows 7 accounts for 11% of Microsoft desktops worldwide, says statistics keeper Statcounter. Microsoft released Windows 7 in 2009 and stopped offering technical support in 2020. Vivanco said a lack of funds has prevented the court system from replacing the 3,500 Windows 7 machines still used by its officials. “We are not a judicial system with a large amount of resources, but we do have a great quantity of expenses,” she said.

The country’s computer response team, CSIRT, issued a separate alert warning government agencies of an uptick in network scans probing for vulnerabilities.

A hacker group called Guacamaya leaked 366 gigabytes worth of military emails. The hack led to the resignation of Army Gen. Guillermo Paiva, head of the Joint Chiefs of Staff. The group released a statement decrying colonization and capitalism that characterized the role of the military as a tool of oppression.

The Chilean national consumer protection agency, known as SERNAC, told citizens earlier this month that it had recovered from a ransomware attack, leaving the agency again open to receiving consumer complaints

Interestingly ransomware attacks have slightly declined in 2022, both in terms of frequency and cost  according to Coalition, an insurance provider, as reported in Coalition Releases 2022 Cyber Claims Report: Mid-year Update.  The reasons are quite prosaic and should be considered by all organisations; the growing prevalence of offline backup systems and the use of outside recovery services.  However the danger is that criminal networks shift their attacks to smaller businesses.  The average cost of a cyber attack for a small business in the USA in the first half of 2022 was $139,000, a significant sum. 

That doesn’t mean that ransomware attacks are disappearing any time soon. Computer weekly in ALPHV/BlackCat ransomware family becoming more dangerous reports that the developers of the ransomware-as-a-service (RaaS) family,  known  as ALPHV, BlackCat and Noberus,, are  refining their tactics, techniques and procedures (TTPs) and are probably more dangerous than ever.  The ALPHV/BlackCat/Noberus operation is a major and long-established player Russia-linked or based ransomware crews. Revolut, a startup has been hit by a cyber attack resulting in hackers accessing personal information of tens of thousands of customers.  Revolut’s response was far superior to that of Optus in its current slow motion car crash. 


Leave a Reply

Verified by MonsterInsights