Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach

Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach

January 9, 2024 at 11:33AM

The Paraguay military issued a warning about Black Hunt ransomware after Tigo Business experienced a cyberattack affecting hosting and cloud services. Reportedly, over 330 servers were encrypted, and the backups were compromised. Black Hunt ransomware has been targeting companies in South America, using various techniques to disable systems and encrypt files, leading to serious disruptions.

The meeting notes provide a detailed account of a cyberattack targeted at Tigo Business in Paraguay, attributed to the Black Hunt ransomware. The attack affected cloud and hosting services, leading to outages in various company websites. It was reported that over 330 servers were encrypted during the attack, compromising backups and web pages. The operation launched at the end of 2022, commonly targeting companies in South America. The ransomware encryptor adds a specific extension to encrypted files and creates ransom notes in affected folders with contact information for the threat actors.

The threat actors behind Black Hunt ransomware perform various malicious activities including disabling Windows features, creating new users, and encrypting files. While the ransom notes claim that the hackers steal data during attacks, there have not been any known instances of the ransomware operation leaking stolen data.

The General Directorate of Information and Communication Technologies of the Armed Forces of Paraguay (FFAA) issued an official alert warning about the Black Hunt ransomware attacks, noting significant impacts on internet service providers and associated companies in the country, compromising backups, web pages, emails, and cloud storage.

It is important to note that given the full access the threat actors had to encrypted devices, it is safer to assume that the data was exposed during the attacks.

Full Article