October 27, 2022, updated 21 Aug 2023 4:10pm

BlackCat ransomware gang claims attack on Ecuador’s army

Ecuador is the latest South American country to see its government targeted by cybercriminals.

By Claudia Glover

Russian ransomware gang BlackCat claims to have hacked Ecuador’s army, posting data from a military agency on its victim blog. If confirmed, it will be the latest in a spate of attacks on government departments in South American countries, which have been noted for often having poor cyber defences.

Ecuadorian armed forces posted to the BlackCat victim blog. (Photo by Ammit Jack/Shutterstock)

BlackCat, also known as ALPHV, posted the claims about the Ecuadorian Joint Command of the Armed Forces last night. The Joint Command is part of the nation’s Ministry of Defense. The gang claims to have information on soldiers, as well as other confidential data and, at the time of writing, the Joint Command website is offline. It is not known if a ransom demand has been issued or paid.

BlackCat has been active since last year, and is thought to be made up of members of other notorious gangs such as REvil, BlackMatter and DarkSide.

Its most recent victims include NJVC, an IT services provider to the US Department of Defense. It posted data from the company to its blog last month, stating: “We strongly recommend that you contact us to discuss your situation, otherwise the confidential data in our possession will be released in stages every 12 hours.” It is not known if the company complied with BlackCat’s demands.

The FBI recently released an advisory, warning the private sector about the gang and posting indicators that systems have been hit by its malware, stating that, as of March, the gang “had compromised at least 60 entities worldwide”.

Ecuador Army ransomware attack is latest breach in South America

This is the latest in a spate of attacks on government agencies in South America this year. In May another Russian-speaking cybercrime gang, Conti, committed a major attack on Costa Rica’s government, disrupting the services of 27 departments including the ministry of finance. Costa Rican president Rodrigo Chaves said at the time that the country was “at war” with Conti and declared a state of emergency.


Peru, Mexico, Brazil and Argentina have all been attacked by Russian-speaking cybercrime gangs in 2022 so far, with security researchers suggesting these attacks have been linked to their support for Ukraine in the war. All four have “publicly condemned Russia for invading Ukraine at the United Nations General Assembly (UNGA). Some of these countries also voted to suspend Russia from the United Nations Human Rights Council in early April,” says a report from Recorded Future.

Governments lack resources to fight back

Countries in South America may have been targeted for political reasons, but many of them also have insufficient cyber defences, said Louise Ferrett, a researcher at security company Searchlight Security. “South America has had a pretty terrible time of it in terms of cyberattacks in the past few years. It’s all happening at once and it does seem like these countries are seen as low-hanging fruit, an easier option,” she told Tech Monitor earlier this year.

This could be due to their economic status, as most are middle-income and developing countries, says a report by the Royal United Services Institute (RUSI) think tank. These governments have fewer resources to fight back than those in the global north. “This may be prompting a shift towards gaining or purchasing access to victims in developing and middle-income countries that are unable or unwilling to respond forcefully, thereby reducing the risk of blowback and unwanted attention,” the report says.

Interpol has acknowledged the focus of cybercriminals on South America. The international policing agency announced a new working group in September to help countries in the region tackle the problem. “Countries across the region now face attacks ranging from business email compromise and online scams to ransomware and money laundering,” Interpol said. The group met last month in Buenos Aires, bringing together over 90 participants from 32 member countries, four international organisations and 13 public and private bodies.
