A ransomware group known as "Hotarus Corp" hit a string of financial institutions in Ecuador this past month. The group first targeted the Ministry of Finance, encrypting its website and stealing information. This form of attack has become more and more common in the last year or so. As well as encrypting a company's files and demanding payment to release them, the attackers also steal information from the company and threaten to release it if the company doesn't pay. The information the attackers typically target can range from employee records, such as ID numbers, contact information, health information, names and home addresses, to the source code of proprietary software, something most companies want to keep a closely guarded secret.
The hackers disabled the Ministry of Finance's website by running a PHP script that locked down the data and defaced the website, making it show the group's symbol and instructions on how to unlock their site.
The group later dumped usernames, emails and hashed passwords for 6,632 employees at the Ministry, deeming that the information did not serve them.
(Image credit to BleepingComputer)
After hitting the Ministry of Finance, the group moved to the country's largest private bank, Banco Pichincha. The attackers were able to compromise a marketing partner of the bank and not the bank's internal network. During an interview with BleepingComputer, however, the group claimed that they were able to move from the marketing partner's network to the bank's network and steal upwards of 31,636,026 customer records, but the claim couldn't be verified.
At Firestorm Cyber we offer advanced ransomware protection for organizations from attacks like this one. With our protection, if one computer gets infected we will block the ransomware from spreading to other computers and decrypt the files without paying the ransom. We also offer a $1 million warranty for ransomware attacks. If you want to take the next steps to protect your organization, contact us.