Mexican Government Targeted in Ransomware Attack

The Mexican government has recently become a victim of a high-profile ransomware attack, as the cybercriminal group RansomHub claims responsibility for breaching the country’s official federal website, gob.mx. The gang, which operates under a ransomware-as-a-service (RaaS) model, posted the breach on its dark web blog early on Friday, revealing that it had exfiltrated 313 gigabytes of sensitive data from the website’s servers.

RansomHub’s dark web post highlighted the importance of the website, which is integral to Mexico’s government operations, and threatened to release confidential files unless a ransom is paid within ten days. The stolen files, according to the cybercriminals, include sensitive government contracts, insurance documents, financial records, and other confidential materials.

In an effort to pressure the government, RansomHub shared over 50 sample files, which appear to be drawn from a database containing personal details of federal employees. These include full names, job titles, work locations, contact information, and even headshots. The group also posted several signed government documents, such as a transportation contract worth about $100,000 and correspondence addressed to high-ranking officials within the Mexican government.

This breach marks a troubling escalation for the ransomware group, which has rapidly risen to prominence in the cybercriminal world. According to Cybernews, RansomHub, thought to have ties to the Russian-backed ALPHV/BlackCat ransomware group, has targeted a range of organizations, including high-profile victims such as Halliburton and Rite Aid. The gang is known for its double-extortion tactics, in which it not only demands a ransom but also threatens to release stolen data publicly if its demands are not met.

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint advisory in August about RansomHub, warning organizations about the gang’s growing impact.

As the situation unfolds, the Mexican government faces increasing pressure to respond to the ransomware threat. The breach highlights the ongoing vulnerability of critical infrastructure and government entities to cyberattacks, particularly from well-organized international criminal groups like RansomHub.