Peru's Ministry of Defense Hit by RansomExx Ransomware Attack

The Ministry of Defense of Peru has been attacked by RansomExx ransomware gang. The ransomware group published 763.8 GB of data. The Ministry of Defense of Peru is the government ministry responsible for safeguarding national security on land, sea, and air. It exercises command over the Peruvian Armed Forces, composed of the Army, the Navy, and the Air Force.

RansomExx: A Growing Threat

RansomExx is one of the newest ransomware groups that is carrying out attacks across the globe. The ransomware gang has been in operation since 2018 but came into prominence in 2020 after infecting a variety of high-profile organizations such as Gigabyte and Starhub. RansomExx is used as a part of multi-stage ‘human-operated’ attacks targeting various entities. It is delivered as a secondary payload after an initial compromise of the targeted network.

Technical Insights

It is capable of disabling various security products for smooth execution on the infected machines and has been found to infect mainly Windows systems, but current studies show this malware infects Linux systems as well by sharing similarities with its predecessor. The malware is usually delivered as a secondary in-memory payload without ever touching the disk. This makes it harder to detect.