Colombian Governmental Websites Hit by Cyberattack on Third-Party Service Provider IFX Networks

Several websites of the Colombian government were recently hit by a cyberattack against US-based digital services provider IFX Networks that included a database containing more than 50 million Ministry of Health data records and extended to digital assets in both Chile and Panama as well.

In public comments, Saul Kattan, a technology advisor to the president, explained that a health crisis could be triggered in the country since the criminals blocked access to crucial medical information for medical staff that would put the health system in check. For example, access to file online complaints for lack of healthcare or emergency care was restricted.

IFX, which is headquartered in Florida and has operating contracts with dozens of public entities, stated that it will file a complaint with the office of the attorney general.

The company released an official statement on September 12 informing that on that day, at 5:00 am, “the cloud of the multinational provider for telecommunications services, IFX Networks, with operations in 17 countries in the region, suffered an external cybersecurity attack of the ransomware type, affecting some of its virtual machines.”

The CSIRT (Cyber Security Incident Response Team) and the Cyber Emergency Response Group of Colombia (ColCERT) have received communication from more than 50 public and private organizations nationwide, expressing their involvement in the attack and requesting support from the competent authorities.

In this way, 50 are some of those affected by the suspension of the service, which began on Tuesday, September 13. Alejandro Navarro, a cybersecurity expert, told El País América that “a company usually takes a month to be restored after an attack of this kind”. However, he warns of the possibility that the consequences could last from three to six months.

Colombia’s top judicial entity was one of the most affected entities released a statement: “According to the information provided by the contractor, it is not possible to restore the service immediately and in order to ensure access and services for the administration of justice, due process and other procedural guarantees, the Superior Council of the Judiciary considers it necessary to suspend the judicial terms, except for tutela actions, habeas corpus and the function of control of guarantees in the national territory.”

The Unified Command Post (PMU) informed the public that technical support has been received from more than 30 national and international companies to redouble efforts, after the impact generated by the cyber-attack, which so far does not specify the number of companies and entities affected, but it is believed that there are at least 50.

Although it is not yet possible to confirm the perpetrators of this attack, as there is no conclusive evidence, the attack seems to be related to the Ransomware of the self-styled group “RansomHouse.”