Ransomware attack on tech provider affected multiple Colombian government ministries

Several government ministries in Colombia suffered significant operational disruptions after one of the government’s technology service providers became a victim of a ransomware attack.

Last week, Colombia’s Ministry of Health and Social Protection, the country’s Judiciary Branch and the Superintendency of Industry and Commerce said that IFX Networks Colombia, their technology provider, suffered a major ransomware attack that disrupted the ministries’ daily operations. The Ministry of Health and Social Protection also confirmed that day-to-day operations were affected as a result of the cyber security incident at IFX Networks.

“Due to the cybersecurity incident, it is not possible to access applications used for our mission and for the provision of services at the national level. These applications are hosted in infrastructure contracted with IFX Networks Colombia. The company is investigating the situation and determining when our services will be reestablished,” the ministry said.

The ministry said that it is in the process of investigating the security incident and implementing alternative options to run the health sector and minimise the impact of the attack.

In a post on its website, the Judicial Branch of Colombia said that its digital services are unavailable due to the cyber security incident at IFX Networks Colombia. The Superior Council has decided to suspend judicial terms from September 14 till September 20.

“The Superior Council of the Judiciary, in a session on September 13, 2023, decided to suspend the terms of the administrative actions in the Executive Directorate of Judicial Administration, in the sectional directorates of judicial administration,” the Judicial department posted on X.

Acknowledging the reports of the ransomware attack, IFX Networks said in a notice on its website that on the morning of September 12, it suffered a ransomware attack that affected some of its “virtual systems.”

“The company is still working on the incident, and specifies that it has not revealed any vulnerabilities in the information, privacy and security of the data hosted in the cloud, given that these are protected with information security protocols,” the company said.

While no ransomware group has claimed responsibility for the attack on IFX Networks, cyber security researchers at elHacker.net shared images indicating that the RansomHouse group is possibly behind the security incident.

This is the same hacking group that breached the internal networks of Colombian healthcare provider Keralty last year and affected IT operations, websites, scheduling of medical appointments, and other daily operations.