Chile’s national computer security and incident response team (CSIRT) has announced that a ransomware attack has impacted operations and online services of a government agency in the country.
The attack started on Thursday, August 25, targeting Microsoft and VMware ESXi servers operated by the agency.
The hackers stopped all running virtual machines and encrypted their files, appending the “.crypt” filename extension.
According to CSIRT, the malware used in this attack also had functions for stealing credentials from web browsers, listing removable devices for encryption, and evading antivirus detection using execution timeouts.
In typical double-extortion fashion, the intruders offered Chile’s CSIRT a communication channel to negotiate the payment of a ransom that would prevent leaking the files and unlock the encrypted data.
The attacker set a three-day deadline and threatened to sell the stolen data to other cybercriminals on the dark web.