blackbyte attacks INVIMA

Incident Date:

March 7, 2022

World map



blackbyte attacks INVIMA






Bogota, Colombia

Bogotá,, Colombia

First Reported

March 7, 2022

INVIMA Suffers Ransomware Attack by BlackByte Group

Company Overview

INVIMA, the Colombian Institute for Health Surveillance, has been targeted by the BlackByte ransomware group, as announced on their dark web leak site. The attack has affected the government sector organization, which operates in the health and safety sector. INVIMA is a government agency responsible for regulating and supervising health services in Colombia. Their work is crucial in maintaining public health and safety standards.

Size and Industry Standout

As a significant organization in the health sector, INVIMA plays a vital role in ensuring the quality and safety of health services in Colombia.


The specific vulnerabilities that led to the successful attack by the BlackByte group are not detailed. However, it is mentioned that the hackers gained access to a folder with passwords to critical systems, which gave them access to various systems within the organization. This incident underscores the importance of secure password management and access control within organizations to prevent unauthorized access.


The impact of the ransomware attack on INVIMA includes potential disruptions to the organization's operations and the possible exposure of sensitive information. Although the hackers demanded a ransom, no payment was made.

Mitigation Strategies

While specific mitigation strategies for INVIMA are not provided, it is essential for organizations to implement robust cybersecurity measures. These include regular software updates, employee training, and strong access control policies to minimize the risk of ransomware attacks.

The BlackByte ransomware group's attack on INVIMA underscores the critical need for government agencies and organizations in the health sector to prioritize cybersecurity measures to protect against such threats. Strong password management and access control policies are crucial in preventing unauthorized access.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.