Chile and Montenegro are the latest governments to contend with ransomware attacks from increasingly emboldened criminal groups. Each country had the websites and systems of government agencies taken down for days in what appear to be separate attacks.
The attack in Montenegro has been sustained over a long period and has been bad enough that the country has called for emergency assistance from North Atlantic Treaty Organization (NATO) partners. While there is no link at present to the Russian government, the request was made on the basis that the attacks originated from Russia and that the country has a longtime permissive attitude toward criminal hackers who stay away from domestic targets.
Criminal ransomware attacks on national governments becoming more common
The attacks on government agencies tend to be the work of bigger ransomware gangs, sometimes deploying novel techniques. The recent attack on Chile is an example, as it involved a never-before-seen type of ransomware designed to exploit known flaws in certain types of servers that run Linux.
The Conti ransomware group, at the time the leading “ransomware as a service” outfit of this type, set the tone for these attacks earlier this year with a sustained campaign against Costa Rica that played havoc with government agencies and assorted public services. The group appears to have done this as cover for its efforts to disband and regroup into smaller outfits that draw less law enforcement attention.
Some Russian criminal groups have directed ransomware attacks as a way to support the invasion of Ukraine. Others are simply attacking government agencies out of opportunity and an apparent lack of fear of consequences. In recent months similar attacks have occurred in Brazil, Greece, Argentina, Taiwan and the Dominican Republic.
Hackers unafraid to target government agencies
Montenegro has been hit even harder than Chile, with multiple government agencies experiencing service interruptions. This prompted the country to request NATO assistance, granted in the form of support from FBI cyber specialists and a promise from the European Union of more personnel in the near future.
The attack appears to be from the Cuba ransomware group, a private criminal operator in business for about two years now, but NATO is able to provide assistance given that the group operates with a seeming free hand out of Russia. The ransomware attacks have also been accompanied by a steady series of distributed denial-of-service (DDoS) attacks, indicating that this may be a patriotic support campaign by the hackers rather than an attempt to make money. Montenegro took multiple government ministries offline to remediate the attacks and experienced some disruptions to the electrical grid.
While Montenegro has issued statements indicating that it has the attack under control, the US embassy in the country is warning that there may be disruptions of this nature for some time (including to flights and phone service in the country). There are thus far no reports of citizen personal information being compromised, but the attackers have claimed to have stolen bank records and other sensitive information from the country’s parliament.