Unknown attacks National Consumer Service of Chile

Incident Date:

July 8, 2022


Overview

Title

Unknown attacks National Consumer Service of Chile

Victim

National Consumer Service of Chile

Attacker

Unknown

Location

Santiago, Chile


First Reported

July 8, 2022

Unknown Threat Actor Attacks National Consumer Service of Chile

An unknown threat actor has attacked the National Consumer Service of Chile. The Government CSIRT (Computer Security Incident Response Team) issued a report on an ongoing incident that affected a government service on Thursday, August 25. The incident resulted in the interruption of the service's systems and online services. The incident is attributed to a ransomware attack that specifically targeted Microsoft and VMware ESXi servers within the organization's corporate networks.

The ransomware employed in this attack can halt all running virtual machines and encrypt the files associated with them. Upon infection, the affected files have their extension changed to ".crypt". Subsequently, the attacker gains complete control over the victim's system and leaves a ransom message specifying the amount of data that has been hijacked. The message includes a communication channel and a unique ID for contacting the attacker. A three-day deadline is given for communication; otherwise, the attacker threatens to render the data inaccessible to the organization and offer these assets for sale to third parties on the dark web.

The ransomware utilizes the NTRUEncrypt public key encryption algorithm, with a particular focus on targeting log files (.log), executable files (.exe), dynamic library files (.dll), swap files (.vswp), virtual disks (.vmdk), snapshot files (.vmsn), and memory files (.vmem) of virtual machines, among other file types. Moreover, the malicious program associated with the ransomware also possesses infostealer features, which include:

  • Stealing credentials from web browsers.
  • Listing removable devices such as HDDs and flash drives.
  • Exhibiting antivirus evasion capabilities using timeouts.
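For responders scoping an incident like this, the ".crypt" extension and the targeted file types listed above can be turned into a quick triage over a datastore file listing. The following is an added example, not code from the original report or from the Government CSIRT; the datastore name, VM names and file listing are constructed, and the three status labels are this example's own.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# File types the report lists as targeted, and the extension it says files receive.
TARGETED = {".log", ".exe", ".dll", ".vswp", ".vmdk", ".vmsn", ".vmem"}
MARKER = ".crypt"

def triage(paths):
    """Classify each directory in a file listing as clean, partial or encrypted."""
    stats = defaultdict(lambda: {"encrypted": 0, "intact": 0})
    for raw in paths:
        p = PurePosixPath(raw.strip())
        if not p.name:                      # skip blank lines in the listing
            continue
        suffix = p.suffix.lower()           # final extension, case-insensitive
        if suffix == MARKER:                # covers replaced and appended forms
            stats[str(p.parent)]["encrypted"] += 1
        elif suffix in TARGETED:
            stats[str(p.parent)]["intact"] += 1
    report = {}
    for directory, s in stats.items():
        if s["encrypted"] and s["intact"]:
            status = "partial"              # encryption may have been interrupted
        elif s["encrypted"]:
            status = "encrypted"
        else:
            status = "clean"
        report[directory] = {**s, "status": status}
    return report

# Constructed sample listing, e.g. the output of `find /vmfs/volumes -type f`.
SAMPLE = """\
/vmfs/volumes/ds1/web01/web01.vmdk
/vmfs/volumes/ds1/web01/web01-flat.vmdk
/vmfs/volumes/ds1/web01/vmware.log
/vmfs/volumes/ds1/db01/db01.crypt
/vmfs/volumes/ds1/db01/db01-flat.crypt
/vmfs/volumes/ds1/db01/db01.vmx
/vmfs/volumes/ds1/app01/app01.vmdk
/vmfs/volumes/ds1/app01/app01-Snapshot1.CRYPT
/vmfs/volumes/ds1/app01/app01.vmem.crypt
""".splitlines()

if __name__ == "__main__":
    for directory, info in sorted(triage(SAMPLE).items()):
        print(f"{info['status']:<10} {directory} {info['encrypted']} enc / {info['intact']} intact")
```

A "partial" directory is worth prioritising: it still holds intact virtual machine files that can be preserved before any further changes are made to the host.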

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors' overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful, cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.