
[News] This is how they took down the Dane digital platform and demanded ransom



The attackers who hit the entity's website requested a payment of $25,000.

 


 

This Wednesday, the National Administrative Department of Statistics (Dane) reported that on Tuesday, November 9, its website was the target of a computer attack.

According to Juan Daniel Oviedo, director of the entity, the hack occurred late Tuesday night when an alert message associated with the crash of one of the servers was received.

The entity has already filed a criminal complaint with the Attorney General's Office. EL TIEMPO had access to the document in which Ricardo Valencia Ramírez, Dane's deputy director, detailed how the hack that affected the entity's platform unfolded. This is how it happened.

This is how they attacked the website

According to the deputy director of the Dane in the complaint, the event occurred at exactly 11:35 p.m. on November 9, 2021, when the entity's engineer received an email alert reporting the crash of one of the servers.

“The infrastructure is entered to validate its operation, and the crash of a Windows server is evident. It is validated and it is observed that, in addition, they are falling machine by machine.”

The entity's servers and virtual machines were also removed.

Once the problem was detected, the Dane engineers proceeded to deactivate the user account from which the machines and information were being deleted.

Around 11:50 p.m., the engineers accessed the Data Store (the site where the data is stored) to secure the information. However, apparently, at that moment the attacker was deleting data.

"When this work was being carried out (refreshing the screen), all the volumes, from which we can presume that, at that time, the attacker was erasing all the information," reads the text of the criminal complaint filed with the Prosecutor's Office.

"Windows machines were identified as not working. The data store that contains them is entered and all the deleted volumes are found. At that time it was possible to show that at least 230 terabytes had been erased," they add.

Although the system was isolated to mitigate the attack, irregular connections continued to be detected, so it was necessary to file a report with the Computer Security Incident Response Team of the National Police.

According to Valencia, the attackers of the Dane site even sent a notification from the server requesting a payment of 25,000 dollars (more than 96 million Colombian pesos).

In addition to requesting the money, the alleged perpetrator sent emails to Dane's accounts claiming responsibility for the attack on the platforms.


In this email, he stated that he held a total of 130 terabytes of the entity's data, and asked to speak with management about returning the information that he had obtained.

The alleged attacker made the same request and proposal to return the information through the Teams platform.

Apparently, this could have been a form of computer crime known as ransomware in which, according to Malwarebytes, a company specializing in attacks and hackers, users' data is hijacked.

"Users are prevented from accessing their system or personal files and a ransom is required to gain access to them again," Malwarebytes explains.

The impact was serious. According to the official, the hack is affecting the operation of Dane in the country, given that "the website, the institutional email, statistical processing systems and databases (which contain information of a confidential nature and with sensitive and confidential information) were deleted".

The complaint indicates that the entity's general technological infrastructure was affected, with damage and disruption to the availability of information and to the statistical collection and production applications.

Email, statistical processing servers, antivirus, machines and backups, among others, were also affected.

According to Valencia, backups (backup copies) were reportedly deleted and at least 420 of the entity's servers were affected.

The complaint document reiterates that the attack seriously impacts the work of the Dane, which is in charge of producing the statistics and databases of the country's official information.

In addition, they indicate that the attack put at risk the data and private information that is handled in the institution.

"This attack puts at serious risk our data and the reserve and confidentiality of the information that we collect in our operations," the complaint concludes.

 

LINK: https://www.eltiempo.com/tecnosfera/novedades-tecnologia/dane-asi-fue-el-hackeo-a-la-plataforma-digital-de-la-entidad-631818
