Ransomware gang hacks Ecuador’s largest private bank, Ministry of Finance

A hacking group named ‘Hotarus Corp’ has hacked Ecuador’s Ministry of Finance and the country’s largest bank, Banco Pichincha, where they claim to have stolen internal data.

The ransomware gang first targeted Ecuador’s Ministry of Finance, the Ministerio de Economía y Finanzas de Ecuador, where they deployed a PHP-based ransomware strain to encrypt a website hosting an online system.

Ministerio de Economía y Finanzas de Ecuador website

Security researcher Germán Fernández told BleepingComputer that the threat actors are using a commodity PHP ransomware called Ronggolawe (or AwesomeWare) to encrypt the site’s contents.

Shortly after the attack, the threat actors released a text file containing 6,632 login names and hashed password combinations on a hacker forum.

Leaked login info for the Ministry of Finance

The ransomware gang told BleepingComputer that they have stolen “delicate ministry data, emails, staff info, contracts.”

Targeted Banco Pichincha next

Shortly after the Ministry of Finance attack, Hotarus Corp hacked Ecuador’s largest private bank, Banco Pichincha.

The bank has confirmed the attack in an official statement but states that it was a hacked marketing partner and not their internal systems.

Banco Pichincha goes on to say that the attackers used the compromised platform to send phishing emails to customers in an attempt to steal sensitive information to carry out “illegitimate transactions.”

The bank’s full translated statement can be read below.

“We are committed to defending the privacy of our customers’ facts. We know that there was unauthorized access to the methods of a supplier that presents advertising and marketing services for the Pichincha Miles program. In relation to this details leak, and based on a substantial investigation, we have discovered no proof of damage or accessibility to the Bank’s units and, consequently, the safety of our clients’ economic resources is not compromised.

We know that, through a fraudulent e-mail, the attacker sends communications on behalf of Banco Pichincha to some customers of mentioned method in order to get hold of info essential to carry out illegitimate transactions. We remind our purchasers that we never ever ask for delicate knowledge such as: customers, passwords, card or account information, through the mobile phone, email, social networks or textual content messages.

We are taking actions to stop and mitigate these kinds of situations related to the handling of information by our vendors. We fully grasp and share the fears of the persons whose facts has been uncovered, and we ratify our determination to their safety.” – Banco Pichincha

In an interview with BleepingComputer, the hacking group disputes the bank’s statement and claims they used the attack on the marketing company as a launchpad into the bank’s internal systems. They then stole data and deployed ransomware to encrypt devices.

“Glimpse at the assault on the lender, in the beginning on a business that develops world-wide-web apps and marketing and advertising to the bank, just after analyzing codes and info it gave us the option to entry the bank’s inner devices, it was where we used a ransomware, extracting all the attainable data.”

“Once inside we identified vulnerabilities in their apps exploits in ftp and rdp ports which helped us to escalate privileges,” the threat actors told BleepingComputer.

Through this attack, the hacking group claims to have stolen “31,636,026 Million buyer documents & 58,456 Sensitive process data,” including credit card numbers.

As proof of their attack, the hacking group shared various images of the allegedly stolen data, such as the following folder of files.

Allegedly stolen data from Banco Pichincha

BleepingComputer has not been able to verify the threat actors’ claims of stealing data from the Ministry of Finance or Banco Pichincha.

In it for the money

The threat actors have told BleepingComputer that they are conducting these attacks solely for the money.

They state that they are not currently selling the data stolen from the Ministry of Finance but are in the process of selling credit cards they claim to have stolen from Banco Pichincha.

“Currently only the financial institution details is for sale, we have already offered about 37 thousand credit cards to a team dedicated to this, the info will be auctioned or sold in the beginning for 250,000,” a Hotarus Corp operator told BleepingComputer.

We have reached out to Ecuador’s Ministry of Finance and Banco Pichincha to learn more about the attacks but have not heard back at this time.