RansomHub Hits Mexican Government Website and Servers

Hackers have compromised the infrastructure of a Mexican governmental platform and deployed ransomware, threatening to release the stolen information onto the dark web. 

 The attacker, called RansomHub, is one of the world's most prolific. Given their tools and way of operation, it's likely a Russian ransomware group, especially since they also state they don't target organizations from Cuba, North Korea, China and the Commonwealth of Independent States (Russia and most of the former USSR states). 

The group has compromised numerous companies and governmental institutions across the world, with the Mexican Gob.mx platform being just the latest. 

According to the Mexican government, gob.mx is a platform that promotes innovation in government, boosts efficiency, and transforms processes to provide the population with information, procedures and a platform for participation. 

RansomHub compromised this platform, and, as a Cybernews report has detailed, it stole 313 GB of data from the servers. The group has already posted a small number of files to show that their claim is real. 

The government has 10 days to pay the undisclosed ransom, but the authorities are still trying to determine exactly what happened. If the incident is real, government contracts, insurance and financial information have ended up in the hands of hackers and will likely make their way onto the dark web. 

This is not the first time RansomHub has been suspected of going after targets in Mexico. A cybersecurity incident affected 13 airports across the country only a month ago. 

The authorities said the Grupo Aeroportuario del Centro Norte (OMA) identified a cybersecurity incident involving unauthorized access to certain information systems. However, it does not seem to have had any adverse effects on operations. 

"To date, there has been no material adverse effect on the Company's operations, results, or financial position. This will be continuously assessed until the situation is fully resolved. A forensic evaluation is being carried out to understand the extent of the cybersecurity incident," the authorities explained last month.