Panama Economy Ministry Confirms INC Ransomware Attack
▼ Summary
– Panama’s Ministry of Economy and Finance detected a possible malware incident on one workstation but contained it without affecting core systems.
– The ministry activated security protocols and reinforced preventive measures across its IT infrastructure following the incident.
– INC Ransom gang claimed responsibility for the attack, alleging theft of over 1.5 TB of data including emails and financial documents.
– The hackers added MEF to their victim list on September 5 and leaked sample documents as proof of the breach.
– INC Ransom emerged in mid-2023 as a ransomware service and has targeted multiple high-profile organizations worldwide.
The Ministry of Economy and Finance in Panama has acknowledged a cybersecurity incident involving one of its workstations, though officials emphasize that core operational systems remain unaffected. Immediate activation of security protocols helped contain the potential threat, and preventive measures have been reinforced across the entire IT infrastructure.
In an official statement, the Ministry confirmed the detection of possible malicious software on a single workstation. Standard security procedures were promptly initiated to isolate and address the intrusion. The Ministry was careful to note that its central platforms, including those handling fiscal policy, public spending, and debt management, continue to function without disruption.
Panama’s MEF plays a critical role in the nation’s economy, overseeing key financial operations and managing revenues from the Panama Canal, which serves as the country’s primary source of income. The Ministry has assured the public that both personal and institutional data remain secure, with all necessary safeguards in place to prevent similar incidents in the future.
Despite these assurances, the INC Ransom group has publicly claimed responsibility for the attack. In a post on its dark web leak site dated September 5, the threat actors alleged they exfiltrated over 1.5 terabytes of sensitive data, including internal emails, financial records, and budget documentation. As proof, the group published samples of what appear to be official government documents.
INC Ransom, which emerged in mid-2023 as a ransomware-as-a-service operation, has previously targeted major organizations worldwide. Victims have included Yamaha Motor, Xerox Business Solutions, Scotland’s NHS, McLaren Health Care, and the Texas State Bar. The group’s activities reflect a broader trend of increasingly aggressive cybercriminal enterprises.
Earlier this year, in May 2024, an individual using the alias “salfetka” advertised the sale of INC Ransom’s source code on Russian-language hacking forums, asking $300,000 for the malware’s underlying programming. This development suggests the group’s tools may become more widely available to other cybercriminals.
Requests for comment regarding the validity of the hackers’ claims were not answered by the Ministry prior to publication. The situation remains under review as authorities continue to assess the full scope and impact of the incident.
(Source: Bleeping Computer)