Dunghill Ransomware Attack on Nuevatel: 10 TB Data Leak, Swift Response
Incident Date: July 15, 2024
Overview
Title: Dunghill Ransomware Attack on Nuevatel: 10 TB Data Leak, Swift Response
Victim: Nuevatel
Attacker: Dunghill
Location:
First Reported: July 15, 2024
Ransomware Attack on Nuevatel by Dunghill
Overview of Nuevatel
Nuevatel PCS de Bolivia S.A., operating under the brand name VIVA, is a leading telecommunications company in Bolivia. Founded in 1999, VIVA has been a pioneer in providing mobile communication services, including 2G-GSM, 3G-GSM (HSPA+ Dual Carrier), LTE TDD, public telephony, national and international long distance, data transmission, mobile Internet, LTE FDD, and WiMax. The company employs around 1,243 people and serves approximately 2.5 million subscribers. Recently acquired by Balesia Technologies, VIVA is focused on expanding and modernizing its network to enhance customer experience.
Details of the Ransomware Attack
On Sunday, June 23, Nuevatel fell victim to a ransomware attack orchestrated by the cybercriminal group known as Dunghill. The attackers reportedly exfiltrated 10 TB of sensitive data, including project files, personal identification information, confidential documents, databases, client data, financial records, accounting details, HR information, operational data, corporate information, marketing materials, development strategies, business agreements, and IT infrastructure. Despite the severity of the attack, Nuevatel's technical team, cybersecurity experts, and collaborators swiftly contained and mitigated the impact, ensuring that client services remained unaffected or were quickly restored.
About Dunghill Ransomware Group
Dunghill Leak, operated by the "Dark Angels Team," emerged in 2023 and has claimed responsibility for several high-profile attacks, including those on Sysco Corporation, Sabre Corporation, and Johnson Controls International. The group employs double extortion tactics, stealing sensitive data before encrypting systems and threatening to release the information if a ransom is not paid. Initially leveraging the stolen Babuk ransomware source code, Dunghill has also used a tailored version of the Ragnar Locker ransomware and claims to have developed its own custom encryptor.
Potential Vulnerabilities and Penetration Methods
While the exact method of penetration remains unclear, ransomware groups like Dunghill often exploit vulnerabilities in outdated software, weak passwords, and unpatched systems. Given VIVA's extensive range of services and large customer base, the company presents a lucrative target for cybercriminals seeking to maximize their ransom demands. The swift response by Nuevatel's team highlights the importance of having a robust incident response plan in place to mitigate the impact of such attacks.