RansomExx Ransomware Hits Retemex Exposing Client Data

Incident Date:

September 14, 2024

Overview

Victim

Retemex

Attacker

RansomExx

Location

Ciudad de México, Mexico

First Reported

September 14, 2024

RansomExx Ransomware Attack on Retemex: A Detailed Analysis

Retemex, a mobile virtual network operator (MVNO) based in Mexico City, has recently fallen victim to a ransomware attack orchestrated by the notorious RansomExx group. This incident has compromised the data of 24,883 clients, including plaintext passwords, posing a significant security risk to the affected individuals.

About Retemex

Retemex operates primarily on Mexico's Red Compartida, the country's most powerful 4.5G LTE network. The company offers a variety of wireless internet and mobile phone services, including eSIM technology and MiFi devices. Their plans range from 5 GB to 100 GB, with prices starting at approximately $112 MXN. Retemex emphasizes customer satisfaction with a seven-day money-back guarantee and operates without mandatory contracts, providing flexibility to its users.

Despite its small size, employing between 2 and 10 individuals, Retemex has positioned itself as a competitive player in the telecommunications market. The company is known for its fast and reliable network, extensive coverage, and customer service available 24/7 through multiple channels.

Attack Overview

The ransomware attack on Retemex was claimed by the RansomExx group via their dark web leak site. The attack has led to the exposure of sensitive client data, including plaintext passwords. This breach highlights significant vulnerabilities in Retemex's cybersecurity measures, making it a target for sophisticated threat actors.

About RansomExx

RansomExx, also known as Sprite Spider, is a dangerous ransomware variant active since 2018. The group targets both Windows and Linux environments, employing a tactic known as "double extortion," where they encrypt files and threaten to publish stolen data if the ransom is not paid. RansomExx has been involved in high-profile attacks on major corporations and government agencies worldwide, including the Texas Department of Transportation and Ferrari.

Penetration Methods

RansomExx employs a range of sophisticated techniques to infiltrate and spread within target networks. These include compromised Remote Desktop Protocol (RDP), phishing campaigns, vulnerability exploitation, and the use of tools such as Pyxie, Cobalt Strike, and Vatet for post-compromise activities. The exact method used to penetrate Retemex's systems remains unclear, but the attack underscores the importance of effective cybersecurity measures.

Implications for Retemex

The ransomware attack on Retemex has significant implications for the company and its clients. The exposure of sensitive data could lead to identity theft and other malicious activities. Additionally, the breach may damage Retemex's reputation, affecting customer trust and potentially leading to financial losses.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.