"Ransomware Gang Hacks Ecuador's Largest Private Bank, Ministry of Finance"
A hacking group called Hotarus Corp claims to have stolen internal data from Ecuador's Ministry of Finance and Banco Pichincha, the largest private bank in Ecuador. The ransomware gang used a PHP-based ransomware strain called Ronggolawe, also known as AwesomeWare. In the attack against Ecuador's Ministry of Finance, Ronggolawe was used to encrypt the contents of a site that hosts an online course. Following the attack, the threat actors shared a text file containing more than 6,500 login names and hashed password combinations on a hacker forum. The group claims that they stole sensitive ministry information, employee information, emails, and contracts. Banco Pichincha released an official statement confirming that Hotarus Corp hacked its marketing partner, not its internal systems. According to the bank, the attackers used the marketing partner to send phishing emails to customers to steal sensitive information and perform illegitimate transactions. However, the hacking group disputes the bank's statement. They say the attack on the marketing company allowed them to infiltrate the bank's internal systems. Once they gained access to the internal systems, the actors claim that they stole data and executed a ransomware attack. The hacking group claims to have stolen over 30 million customer records and more than 50 thousand sensitive system records. They shared images of the allegedly stolen data as proof of the attack. This article continues to discuss Hotarus Corp's ransomware attacks against two financial organizations and the alleged theft of data.