Η Claro Company, the largest telecommunications company in Central and South America, was recently affected by a attack ransomware. In several areas, service disruptions were detected as a result of the attack. From the ransom note it appears that the attackers were the hackers behind the Trigona ransomware.
As of January 25, Claro Telecom customers started to experience significant Problems Network. But only on 2 February, the company explained the reason, through its subsidiary Claro Nicaragua. However, the issues were also reported in other Latin American countries such as El Salvador, Costa Rica, Guatemala and Honduras.
See also: K-12 schools remain vulnerable to ransomware attacks
As the note explains, the company suffered a ransomware attack that damaged some of its network components. The company hopes to restore the systems affected as soon as possible. Among the formal issues that have not yet been fully resolved are problems with internet connection, video calls and payment processing.
As mentioned above, the ransom note shows that the attack in Claro was made by the ransomware Trigona. The group probably managed to hack into a company system and infiltrate the files. And while encrypting files may not be that big of a problem, as they can be recovered through backups, data theft is extremely dangerous, considering the importance of the data User stored on servers of telecommunications providers.
Trigona ransomware
The hackers behind the Trigona ransomware started their activity in October 2022. Malware analysts call this group the successor of the CryLock ransomware and point out its possible association with the ransomware ALPHV/BlackCat.
See also: Ransomware attacks are increasing despite "hits" by the authorities
Like other ransomware gangs, Trigona uses the practice of double blackmail. In addition to encrypting files, the hackers steal data and threaten to leak it if they don't get the ransom they are asking for.
In October 2023, Trigona was compromised by the Ukrainian Cyber Alliance (UCA). UCA managed to delete the entire server infrastructure, including the backups. According to reports, the white hat hackers, members of the UCA, have managed to obtain the group's tools, so there is a possibility that a decryption tool will be released in the future. However, this hack did not stop the scammers from continuing their attacks.
What are the consequences of ransomware attacks on telecom companies?
Ransomware attacks can cause significant interruption of telecommunications services, as the systems that support their operation may become paralysed or disabled.
See also: Interpol: Identified 1300 IP addresses associated with phishing and ransomware attacks
This can lead to loss of confidence from them Clients, as the interruption of services and the loss of data can have serious consequences for their personal and professional lives.
In addition, ransomware attacks can cause significant economic losses, as telecom companies may be forced to pay the ransom to restore their systems.
Finally, these attacks may have long-term consequences for the company's competitiveness, as data loss and service interruption can cause permanent damage to the company's image and credibility.
Source: gridinsoft.com
