Chile’s prominent telecommunications company, Grupo GTD, has issued a warning concerning a cyberattack that has significantly impacted its Infrastructure as a Service (IaaS) platform, causing substantial disruptions to its online services. Grupo GTD, known for providing a range of telecommunications and IT services across Latin America, including Chile, Spain, Colombia, and Peru, found itself the target of a cyberattack on October 23rd. This attack resulted in a widespread impact, affecting critical services such as data centers, internet access, and Voice-over-IP (VoIP). In response, the company swiftly disconnected its IaaS platform from the internet to contain the damage, resulting in temporary service outages.
Chile’s Computer Security Incident Response Team (CSIRT) has since confirmed that Grupo GTD experienced a ransomware attack. CSIRT has not disclosed the specific ransomware variant behind the attack. The Rorschach ransomware, also known as BabLock, is a relatively new and highly efficient encryptor, known for its rapid encryption capabilities. It can encrypt a device within just 4 minutes and 30 seconds.
As part of their response to the incident, CSIRT has shared indicators of compromise (IOCs) and offered guidelines for organizations connected to Grupo GTD’s IaaS to assess their security. These measures include performing comprehensive infrastructure scans with antivirus tools, checking for suspicious software, reviewing server accounts for any unauthorized changes, ensuring the integrity of processing and hard drive performance, and monitoring network traffic. The incident highlights the ongoing threat of ransomware to critical infrastructure and the need for organizations to maintain robust cybersecurity practices to prevent and respond to such attacks. Chile’s CSIRT also requires public institutions using Grupo GTD’s IaaS services to report any potential impacts, in accordance with government decree No. 273.