Ransomware has become a prominent threat in Latin America following recent attacks on two telecommunications giants: Claro, operating in Central America, and Digitel in Venezuela. These incidents have not only disrupted the provision of essential services but have also highlighted the vulnerability of cybersecurity in the region.
In this context, understanding the nature of these attacks, identifying the ransomware involved, and recognizing the importance of being prepared is crucial for any organization in Latin America.
On January 25, Claro Central America experienced irregularities in its services, later confirmed on February 2 as the result of a ransomware attack. This attack was attributed to the Trigona ransomware, a malware that encrypts files, leaving companies without access to information.
Trigona, known for adding the extension "._locked" to encrypted files, has had other attack episodes within the region, highlighting the need for robust cybersecurity practices. Despite Claro's efforts to maintain operability, collection services and electronic banking applications were inactive, affecting millions of users.
On the other hand, Digitel in Venezuela suffered an attack from the Medusa ransomware, which blocked access to its clients' and employees' databases and demanded a ransom for their release. Medusa has become popular since early 2023 and is characterized by encrypting files and devices, demanding a cryptocurrency payment to unlock them.
Although Digitel tried to control the situation, the threat of publishing confidential data materialized after not complying with the attackers' demands. Previously, the group behind Medusa claimed responsibility for the attack on Banco de Venezuela, whose hijacked information was also published.
These attacks have had significant repercussions on the operations and data security of users. Claro, with a subscriber base covering millions in Central America, and Digitel, as a key provider in Venezuela, faced not only service disruptions but also the exposure of sensitive information. The main concern lies in the security of user data, with increasing demands from them for companies to offer clarity and effective protection measures.
Faced with the growing threat of ransomware in Latin America, it is imperative that companies adopt proactive cybersecurity strategies. Collaborating with experts in the field, such as ESConsulting, can provide the necessary tools and knowledge to strengthen defenses against future attacks.
Implementing advanced security measures, conducting ongoing cybersecurity education, and developing an incident response plan are crucial steps to protect critical infrastructure and sensitive user information.