The Mexican government has launched an investigation into a ransomware attack on its legal affairs office, as confirmed by President Claudia Sheinbaum. Ransomhub, a known ransomware group, has claimed responsibility for the breach and has released samples of personal data from government databases.
Details of the Breach
Ransomhub claims to have exfiltrated 313 gigabytes of data from the office, including contracts, insurance documents, and financial records.
Evidence on Leak Sites
The group has made a portion of the data accessible on leak sites, which includes information seemingly extracted from a government employee database.
Previous Incidents
This recent breach is not an isolated event. Earlier this year, sensitive information about journalists was leaked, highlighting ongoing challenges in securing government systems. That January breach was reportedly carried out using a former employee's credentials.
Ransomhub's Profile
Emerging in early 2024, Ransomhub is a ransomware-as-a-service (RaaS) operation that has rapidly built a reputation for targeting key infrastructure. The group is associated with the threat actor Manatee Tempest and relies on initial access methods such as FakeUpdates infections, which are operated by Mustard Tempest. Cybersecurity experts suggest that Ransomhub is likely a rebranding of the Knight ransomware (also known as Cyclops 2.0), which debuted in 2023. Its attacks deploy malware for Windows, Linux, macOS, ESXi, and Android and rely on double extortion, pairing data theft with encryption. The ongoing investigation aims to determine the full scope and impact of this cyberattack on Mexico's governmental operations.