In a series of audacious attacks, a notorious ransomware gang has targeted two government institutions this week, leaving both entities grappling with significant disruptions. The impact of these incidents has raised concerns about cybersecurity and data privacy.
On September 27, the city of Gondomar, situated just a short drive from the Portuguese city of Porto, found itself at the center of a cyberattack orchestrated by an unidentified ransomware group. As a result, officials were compelled to take critical systems offline and engage the country's National Cybersecurity Center, the National Data Protection Commission, and local law enforcement for assistance.
The municipal authorities immediately announced that certain public services would experience disruptions while cybersecurity experts worked diligently to resolve the issue. Subsequently, on Monday, officials clarified that all online government services would remain out of operation for the entire week. However, residents were encouraged to visit the offices in person to settle bills, obtain permits, and conduct other essential transactions.
Despite the municipality's efforts, by the end of the week, their email systems remained incapacitated, rendering communication with local residents a challenging task. The authorities continued to urge residents to physically visit their offices for their needs but remained silent on when normal services would resume and whether any sensitive resident data had been compromised.
Notably, the Rhysida ransomware gang, recognized for their cyberattacks, claimed responsibility for the attack on Thursday. Cybersecurity expert Dominic Alvieri reported that the gang had shared samples of passports and financial documents allegedly stolen from the municipality on their leak site.
This group had recently garnered attention in the United States for their crippling attack on Prospect Medical Holdings, a company that operates 16 hospitals across multiple states. The attack led to the redirection of ambulances and significant disruption. Rhysida had previously targeted a hospital in Portugal, underlining their audacious cyber activities.
The Rhysida gang has expanded their reach globally, targeting governments in Kuwait, Chile, and the Caribbean island of Martinique in recent months.
In addition to the Gondomar attack, the group announced another assault on the Dominican Republic's Migration Agency, responsible for overseeing the country's immigration system. The agency confirmed the breach and acknowledged that data had been stolen.
In response to these incidents, the Dirección General de Migración, representing the Migration Agency, issued a statement emphasizing their commitment to addressing the situation and safeguarding affected individuals' privacy. They noted that such cyberattacks by international cybercriminal groups have become increasingly common in state institutions worldwide.
The data breach compromised personal information, including names, addresses, and dates of birth. Importantly, the agency clarified that their systems were not encrypted during the attack.
In an alarming move, Rhysida actors posted the stolen data on their leak site, accompanied by a demand for a ransom within seven days, set at 25 BTC, equivalent to approximately $700,000.
The Rhysida ransomware group, named after centipedes, remains shrouded in mystery since their emergence in late May 2023, leaving many questions surrounding their operations unanswered.
No comments:
Post a Comment