This hack is already being called the largest cyberattack on government agencies in 2024.
A major cyberattack has been recorded in Mexico: the hacker group RansomHub announced the hacking of the official website of the federal government "gob.mx" and the theft of 313 GB of data. A message about this appeared on their "dark" resource on November 15.
According to the criminals, among the stolen information are contracts, insurance documents, financial statements and confidential files. The hackers gave the government ten days to pay the ransom, otherwise they promise to publish all the stolen materials.
On its website, RansomHub also published more than 50 sample files purportedly extracted from a database of federal employees. These samples include full employee names, job titles, email addresses, and photos and internal identification numbers.
Among the documents are signed papers from 2023, including appeals to the Director of IT and Communications of Mexico, Mario Gavina Morales, as well as a contract for transport services worth about 100 thousand dollars.
RansomHub is a relatively new group, first announcing itself in February 2024. According to researchers from Searchlight Cyber, they have already entered the top three most active ransomware groups this year, ahead of many more well-known groups.
According to a report by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), RansomHub has breached more than 210 organizations since its inception, including major companies such as Kawasaki Motors and Halliburton.
The group uses a "extortion-as-a-service" (RaaS) model and uses double-extortion techniques: stealing data with the subsequent threat of publishing it. RansomHub is known to have previously operated as an affiliate of the larger BlackCat (ALPHV) group.
The incident with the hacking of the Mexican state resource emphasizes the growing vulnerability of even the most secure systems to new players in the cybercriminal world. In a very short time, they can reach the scale of traditional hacker groups and successfully attack the government structures of entire countries.
Source
A major cyberattack has been recorded in Mexico: the hacker group RansomHub announced the hacking of the official website of the federal government "gob.mx" and the theft of 313 GB of data. A message about this appeared on their "dark" resource on November 15.
According to the criminals, among the stolen information are contracts, insurance documents, financial statements and confidential files. The hackers gave the government ten days to pay the ransom, otherwise they promise to publish all the stolen materials.
On its website, RansomHub also published more than 50 sample files purportedly extracted from a database of federal employees. These samples include full employee names, job titles, email addresses, and photos and internal identification numbers.
Among the documents are signed papers from 2023, including appeals to the Director of IT and Communications of Mexico, Mario Gavina Morales, as well as a contract for transport services worth about 100 thousand dollars.
RansomHub is a relatively new group, first announcing itself in February 2024. According to researchers from Searchlight Cyber, they have already entered the top three most active ransomware groups this year, ahead of many more well-known groups.
According to a report by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), RansomHub has breached more than 210 organizations since its inception, including major companies such as Kawasaki Motors and Halliburton.
The group uses a "extortion-as-a-service" (RaaS) model and uses double-extortion techniques: stealing data with the subsequent threat of publishing it. RansomHub is known to have previously operated as an affiliate of the larger BlackCat (ALPHV) group.
The incident with the hacking of the Mexican state resource emphasizes the growing vulnerability of even the most secure systems to new players in the cybercriminal world. In a very short time, they can reach the scale of traditional hacker groups and successfully attack the government structures of entire countries.
Source
