Dunghill Ransomware Attack on Nuevatel: 10 TB Data Leak, Swift Response

Incident Date: Jul 15, 2024

Attack Overview

VICTIM: Nuevatel
INDUSTRY: Telecommunications
LOCATION: Bolivia
ATTACKER: Dunghill
FIRST REPORTED: July 15, 2024

Ransomware Attack on Nuevatel by Dunghill

Overview of Nuevatel

Nuevatel PCS de Bolivia S.A., operating under the brand name VIVA, is a leading telecommunications company in Bolivia. Founded in 1999, VIVA has been a pioneer in providing mobile communication services, including 2G-GSM, 3G-GSM (HSPA+ Dual Carrier), LTE TDD, public telephony, national and international long distance, data transmission, mobile Internet, LTE FDD, and WiMax. The company employs around 1,243 people and serves approximately 2.5 million subscribers. Recently acquired by Balesia Technologies, VIVA is focused on expanding and modernizing its network to enhance customer experience.

Details of the Ransomware Attack

On Sunday, June 23, Nuevatel fell victim to a ransomware attack orchestrated by the cybercriminal group known as Dunghill. The attackers reportedly exfiltrated 10 TB of sensitive data, including project files, personal identification information, confidential documents, databases, client data, financial records, accounting details, HR information, operational data, corporate information, marketing materials, development strategies, business agreements, and IT infrastructure. Despite the severity of the attack, Nuevatel's technical team, cybersecurity experts, and collaborators swiftly contained and mitigated the impact, ensuring that client services remained unaffected or were quickly restored.

About Dunghill Ransomware Group

Dunghill Leak, operated by the "Dark Angels Team," emerged in 2023 and has claimed responsibility for several high-profile attacks, including those on Sysco Corporation, Sabre Corporation, and Johnson Controls International. The group employs double extortion tactics, stealing sensitive data before encrypting systems and threatening to release the information if a ransom is not paid. Initially leveraging the stolen Babuk ransomware source code, Dunghill has also used a tailored version of the Ragnar Locker ransomware and claims to have developed their own custom encryptor.

Potential Vulnerabilities and Penetration Methods

While the exact method of penetration remains unclear, ransomware groups like Dunghill often exploit outdated software, weak passwords, and unpatched systems. Given VIVA's extensive range of services and large customer base, the company presents a lucrative target for cybercriminals seeking to maximize their ransom demands. The swift response by Nuevatel's team highlights the importance of having a robust incident response plan in place to mitigate the impact of such attacks.
