330 Servers Encrypted: Black Hunt Strikes Latin American Companies

Tigo Business customers repair their websites after a ransomware attack.

The Paraguayan Defense Ministry is warning of cyberattacks from the Black Hunt ransomware virus after a hacker attack last week affected Tigo Business, a company that provides cloud services and hosting.

Tigo is the largest mobile operator in Paraguay. Tigo Business offers digital solutions for businesses, including cybersecurity consulting, cloud hosting, and broadband network solutions.

Over the weekend, local media reported that companies whose sites are hosted by Tigo Business had been experiencing website outages since Thursday.

Although it was initially assumed that Tigo had suffered a cyberattack, the company officially confirmed the incident only over the weekend, releasing a statement:

"On January 4, we were the victim of a security incident in Tigo Business Paraguay's infrastructure that affected some specific services used by a small group of customers."

The statement also clarifies that most of the news on the Internet is inaccurate, and that the attack did not affect the Internet, telephone communications and Tigo Money e-wallets.

It is reported that more than 330 servers were encrypted, and backups were also compromised.

The warning, which was later removed from the official website, reads as follows: "According to reports from cybersecurity experts, this incident is the result of an attack by a ransomware virus associated with the Black Hunt hacker group."

Black Hunt is a relatively new ransomware group that has been active since the end of 2022. It often attacks companies in South America. The attackers gain access to corporate networks and quietly spread across devices until they have sufficient privileges to run the encryptor.

The encryptor deletes Windows event logs, volume shadow copies, and NTFS file logs, and disables Windows recovery. It also disables Windows Defender, adds new users, disables System Restore, and blocks Task Manager and the Run command.

Encrypted files receive an extension in the format [id]..Hunt2. Ransom notes named #BlackHunt_ReadMe.hta and #BlackHunt_ReadMe.txt are created in each folder, with information about the attack and an email address for communication.

Although the attackers claim in the ransom note that they managed to steal sensitive data, there is no confirmation of this yet.
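The behaviours and file names described above can be turned into a simple per-host triage check. The sketch below is an added example, not part of the original report and not vendor tooling: the command-line patterns are generic Windows tool invocations assumed to correspond to the listed behaviours (they are not strings taken from a Black Hunt sample), and the event format, host names and paths are constructed.

```python
import re

# Generic command-line patterns for behaviours the article lists. Assumptions:
# common Windows tool invocations, not strings from a Black Hunt sample.
BEHAVIOUR_PATTERNS = {
    "event_log_cleared": re.compile(r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b", re.I),
    "shadow_copies_deleted": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I),
    # "NTFS file logs" is assumed here to mean the USN change journal.
    "ntfs_journal_deleted": re.compile(r"\bfsutil(\.exe)?\s+usn\s+deletejournal\b", re.I),
    "recovery_disabled": re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    "user_added": re.compile(r"\bnet1?(\.exe)?\s+user\s+\S+.*\s/add\b", re.I),
    "policy_lockdown": re.compile(
        r"\breg(\.exe)?\s+add\b.*\b(DisableTaskMgr|NoRun|DisableAntiSpyware)\b", re.I),
}
NOTE_NAMES = {"#blackhunt_readme.hta", "#blackhunt_readme.txt"}  # from the article
ENCRYPTED_SUFFIX = ".hunt2"                                      # from the article


def classify_event(event):
    """Return the set of behaviour tags matched by one log event (a dict)."""
    tags = set()
    if event["type"] == "process":
        tags = {t for t, p in BEHAVIOUR_PATTERNS.items() if p.search(event["cmdline"])}
    elif event["type"] == "file":
        name = event["path"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name in NOTE_NAMES:
            tags.add("ransom_note")
        if name.endswith(ENCRYPTED_SUFFIX):
            tags.add("encrypted_file")
    return tags


def hosts_to_escalate(events, threshold=3):
    """Flag hosts that show at least `threshold` distinct behaviours."""
    per_host = {}
    for ev in events:
        per_host.setdefault(ev["host"], set()).update(classify_event(ev))
    return {h: sorted(t) for h, t in per_host.items() if len(t) >= threshold}


# Constructed sample events (not from the incident).
SAMPLE_EVENTS = [
    {"host": "web-07", "type": "process", "cmdline": "wevtutil cl Security"},
    {"host": "web-07", "type": "process", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "web-07", "type": "file", "path": r"D:\sites\shop\#BlackHunt_ReadMe.txt"},
    {"host": "web-07", "type": "file", "path": r"D:\sites\shop\db.bak.[ID-CONSTRUCTED]..Hunt2"},
    {"host": "admin-01", "type": "process", "cmdline": "vssadmin list shadows"},
    {"host": "admin-01", "type": "process", "cmdline": "net user helpdesk2 /add"},
]
print(hosts_to_escalate(SAMPLE_EVENTS))
```

Requiring several distinct behaviours per host keeps a single routine admin action, such as the account creation on `admin-01`, from raising an alert on its own.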