Rhysida ransomware gang claims assaults on governments in Portugal, Dominican Republic

A infamous ransomware gang has claimed assaults towards two authorities establishments this week, each of which confirmed they confronted a spread of points because of the incidents.

The town of Gondomar – a suburb about 20 minutes away from the Portuguese metropolis of Porto – mentioned on September 27 that it was the goal of a cyberattack that compelled officers to take programs offline and phone the nation’s Nationwide Cybersecurity Heart and the Nationwide Information Safety Fee and native regulation enforcement.

The federal government mentioned that some municipal providers could be disrupted whereas consultants labored to resolve the state of affairs. On Monday, officers clarified that every one on-line providers provided by the federal government could be out of operation for the week, however residents may are available individual to pay payments, get permits and take different actions.

“Municipal amenities stay open throughout common public service hours. There could, nevertheless, be constraints ensuing from issues of entry to pc programs,” they mentioned.

By Friday, the municipality reported that its electronic mail programs have been nonetheless down, making contact with native residents troublesome. They once more urged residents to go to their workplaces in individual for any wants.

They didn’t reply to requests for remark about when providers would return to regular or whether or not knowledge on residents had been stolen.

The Rhysida ransomware gang claimed to be behind the assault on Thursday night, in line with cybersecurity skilled Dominic Alvieri. They shared samples of passports and different monetary paperwork allegedly stolen from the municipality on their leak website.

The gang just lately drew headlines within the U.S. for its devastating assault on Prospect Medical Holdings – which operates 16 hospitals in a number of states and was compelled to redirect ambulances because of the incident. The gang beforehand attacked a hospital in Portugal as effectively.

The ransomware gang has continued to focus on governments throughout the globe, with assaults on Kuwait, Chile and the Caribbean island of Martinique in current months.

Along with the assault on Gondomar, the group introduced one other assault on the Dominican Republic’s Migration Company, which deal with’s the nation’s immigration system.

The company confirmed the incident on Wednesday, publishing an announcement saying the hackers stole knowledge.

“These conditions, which have elevated globally and have gotten extra frequent in state establishments and are carried out by teams of worldwide cybercriminals, lead us to work diligently with the authorities to find out the extent of the leak and to make a agency dedication to take motion to mitigate the impression and shield the privateness of these affected,” a spokesperson for the Dirección Normal de Migración mentioned.

Officers mentioned they first detected uncommon exercise on September 14 earlier than notifying the nation’s Nationwide Cybersecurity Heart.

The info breach concerned names, addresses and dates of delivery, however the company mentioned its programs weren’t encrypted in the course of the assault.

“For the reason that detection, now we have collaborated with the Nationwide Cybersecurity Heart to implement remediation measures, strengthen controls and monitor doable anomalous actions,” they mentioned.

Rhysida actors posted the group on its leak website on Wednesday, giving the nation seven days to pay a ransom. It’s promoting the knowledge for 25 BTC – value about $700,000.

The group – named after centipedes – first emerged in late Might 2023 and little is understood about their operations.