The computer attack that has hit the National Consumer Service (CERNAC) since last Thursday, and has sent warnings from the government’s special technical unit to all state agencies, worries the public. After the fact, experts point to similarities that cyberattacks have with others reported in recent months.
In fact, according to Kronup Cyber Security’s director of operations, german fernandezThe case will be about a new type of ransomware, of which only two are previous records, and which can be linked to the person or persons responsible for bringing down the entire consumer service platform of a pro-consumer organization.
“This attack is very special mainly because Ransomware affecting this service is a new development, as we check its sample and see that there is no history of its useFernandez said.
He said that “there are only two previous cases during this month that dealt with the same virus, one in Canada and the other in the Netherlands. And now in Chile. So it could be a new version, or an update,
To carry out this attack in the opinion of the expert”We think a group of cybercriminals had reconnaissance of the Cernac network and obtained this entry through malware or phishing. In this way, they managed to penetrate the network while discovering its vulnerabilities and elevating privileges to access higher level users, perhaps domain administrators, and through them applied malware to the network extensively or transversely. could go.
Although there is still no clarity about the authorship in the data hijacking that affects Cernac, the situation Similar to other cyber attacks affecting governmentsas in the case of Costa Rica and Peru, countries in which Conti Cyber Terrorist Group A range of government services intervened—such as Costa Rica’s Ministry of Finance—to demand payment of a millionaire sum in exchange for the return of the stolen data.
In fact, according to the Costa Rica Hoy Portal, these attacks cost the Central American nation $13 billion, which is roughly equivalent. US$20 million,
Closer still, the Department of the Judicial Power of Córdoba in Argentina abruptly shut down its computer systems on August 13, after suffering a high-impact computer attack; A fact that was classified as a ransomware attack and believed to have been carried out by a new band called Play.
“Well, due to the possibility that this is a new ransomware, it is not yet known who is behind it. But certainly and to the extent that this group receives more victims, we would like to thank the authors for their operations. will know more details of, if they have portals dark webamong others”, explains Fernandez.
Meanwhile, researchers from the Center for Computer Law Studies (CEDI) of the University of Chile, Paul Wheat He added that Sernac data “will be blocked”.
“This is a type of ransomware called: filecoderin which the organization’s files and databases are encrypted through a cryptographic algorithm, and The key to this system is with the attacker.And he tells him that he can deliver those databases when they pay him”, he said in an interview with Radio Bio-Bio.
Academics also recognized that Recovering hijacked files is “difficult” for CernacAnd it depends on the type of ransomware.
“Many times, in the face of these attacks, what some organizations do is that they handle it with a large reserve, they do not inform anyone about the occurrence of the incident, and have to pay the ransom to avoid harm. moving forward, not only the database they manage, or the economic damage that could result from this fact, but also because of Detection of damage to reputation caused to the general publicWheat said.
Meanwhile, Cernac reiterated this Tuesday that “as soon as the incident occurred, computer security protocols of state agencies were followed, which means notifying the Security Incident Response Team (CSIRT), and taking it to the Ministry of Public Affairs and the POI.” Condemn” .
In a statement, the body dependent on the Ministry of Economy confirmed that, as reported by CSIRT, there are signs of being under attack. “Similar to those that have happened in other parts of the world.”
However, he clarified that since this is an ongoing investigation, “it is not possible to provide information about possible access to personal data of consumers.”
However, Cernac said that You have already managed to recover a significant portion of your website and is working on complete standardization of its care system through this channel, which is expected to be achieved in the coming days.
For this reason, it continues to receive complaints either in person or through a call centre,” which has expanded its capacity to respond to current needs. Consumers will be able to exercise their rights despite possible delay in processing,” the pro-consumer body said.
For his part, lawyers and doctors of law, Jaime Lorenzini —who was the organization’s chief of staff between 1997 and 2002, said that cyberattacks “force us to remember the standards that Sernac itself has demanded from providers in terms of security.”
In this regard, he emphasized that the agency has previously initiated collective voluntary procedures for fraud by third parties for consumer cards by holding operators in Chile accountable.
“Now it just happens to Cernac, and This should make this body aware of the norms that it has implemented and will be applicable in similar situations in future. For which this service has experienced hacking of its website”, he assured.
According to Lorenzini, this cyberattack on Cernac shows that “third party fraud takes place and it is a very sophisticated industry.”
“This should shed light on how CERNAC should reasonably consider, value and weigh circumstances when it is a situation for a supplier. There should be limits to tolerance, as things tend to be extreme Carrying is neither fair nor proper”, he said.