companies suffer the consequences

The cybersecurity is being the most important issue on the country’s business agenda and since the beginning of November there have been several news from companies affected by hackersincluding EPM, its subsidiary Afinia, and Sanitas.

So far in 2022, complaints about computer crimes have skyrocketed 30% compared to 2021, according to the Colombian Chamber of Information Technology and Telecommunications. And although action has been taken on the matter, several of the affected companies have not yet been able to regain control of their systems. LR questioned the three affected companies, and still no news of regaining full control of their systems.

The most recent is Sanitas, Keralty’s company, which was in the news again yesterday, since hackers published a list with the personal data of its patients, employees and suppliers; in addition to information from financial statements, as a form of pressure against the extortion suffered by the EPS.

The attack on Sanitas is now 26 days old and the entity’s users have not been able to access the web services to request appointments or medicines, which has generated congestion and delays in the physical offices. This is affecting about 5.5 million EPS users unable to access health services.

Faced with this, the Keralty Group made an official statement through a press conference and issued a statement (see attached file).

“We can confirm that Ransom House This attack has been attributed and that it has stated that it has in its possession 0.7 tera of institutional information from Keralty, of which they have shared 13 files that contain information on financial statements, balance sheets, budgets and personal information”, stated Sergio Martínez, CEO Keralty overall.

The global CEO of Keralty He added that they are working on three key points: being a key one, the restoration of the system. “Each step we are taking is being slow because it is with forensic and legal auditing; if we restore the same thing that we had, we are still vulnerable, we are working on a new system.” The second pillar in which they are working is prevention and the third, in an investigation with national and international consultants and local authorities.

Martínez said that in order to continue protecting its more than 25,000 Keralty employees and five million patients in Colombia, they are guaranteeing an average of 1.5 million weekly visits with extended hours and more staff.

“Access to medical records is already working, the web pages are being gradually restored and it will be fine in the next few days. We regret the consequences that this has brought to users, we know that admission times are being longer, but we are working on the total restoration of the system,” said Martínez, who stressed that they do not know the extortion figure they are asking for, since they are not having any contact with the criminals.

What is known is that the attacker is a group called RansomHouse that operates on Telegram, the platform from which they launch all their ads.

“Dear Keralty Management, we are sure that you are not interested in your sensitive data being leaked or sold to a third party. It’s not our fault! The company leaked. They are so greedy. They can go back to normal work in 4 hours and they know it. But they don’t care about their clients”, that was the message that the hackers left on Telegram, as seen in several screenshots published on social networks. In one part of the screen a box reads: Employee profit, 3 billion.

According to Ransomhouse, the information they have on the company occupies almost three terabytes, 3,072 gigabytes, so the published data is still somewhat small.

Other victim companies

Sanitas has not been the only target point for cyberattacks. In the case of Empresas Públicas de Medellín (EPM), the company announced on the 13th of this month that its operating system had been under a cyber attack the day before. EPM explained that the attack they suffered caused a decryption of the company’s information, an affectation of the alternate Data Center and a contagion in 25% of the infrastructure. In addition, they are still studying the additional loss of information.

The cyber attack against the EPM subsidiary, Afinia, occurred on December 16. The company, which provides electricity service in Bolívar, César, Córdoba, Sucre and 11 municipalities of Magdalena, reported that the attack affected access to web pages for electronic payments and contractual application processes.

But, what is happening in the country in terms of cybersecurity so that large companies are in check?

Diana Robles, IBM Security leader for Colombia, Peru, Ecuador, Venezuela and the Caribbean Region, indicated that the breaking point would be in prevention, since she indicates that it is key for companies to seek a strategy that anticipates attacks and not so much of detention, “that makes a difference”. Furthermore, because, according to the expert, the average time to identify and contain a data breach in companies is 331 days (251 to identify and 80 to contain), which is too long, she says.

At EPM, it was established that the attack was due to a Black Cat virus, for which, according to experts, they charge up to 5,000 million dollars for the ransom.

Black Cat It is a modality directed to a greater extent at companies, with which people and their personal data are not, in general, the central focus of cybercriminals behind this type of attack. This ransomware, according to the Powerdmarc page, is based on an affiliate marketing structure.

Also known as ransomware-as-a-service (RaasS), the hack allows malicious software to be purchased in order to charge ransom money for files that are captured from the digital fabric of companies. Attacks similar to the one suffered by EMP are reported all over the world. On September 6, the Italian energy company GSE also had problems with hackers who stole information.

But this is not only a problem for private companies, public companies are also a critical focus for cybercriminals. Throughout the year, entities such as Invima, Dane and the Prosecutor’s Office have been the target of attacks.

In itself, Colombia is a country vulnerable to cybercrime, as shown by the figures. The country ranked third in cyberattacks with a total of 6,300 cases. Above was Mexico and Brazil, warns Fortinet.