RansomExx Ransomware Hits Retemex Exposing Client Data
RansomExx Ransomware Attack on Retemex: A Detailed Analysis
Retemex, a mobile virtual network operator (MVNO) based in Mexico City, has recently fallen victim to a ransomware attack orchestrated by the notorious RansomExx group. This incident has compromised the data of 24,883 clients, including plaintext passwords, posing a significant security risk to the affected individuals.
About Retemex
Retemex operates primarily on Mexico's Red Compartida, the country's most powerful 4.5G LTE network. The company offers a variety of wireless internet and mobile phone services, including eSIM technology and MiFi devices. Their plans range from 5 GB to 100 GB, with prices starting at approximately $112 MXN. Retemex emphasizes customer satisfaction with a seven-day money-back guarantee and operates without mandatory contracts, providing flexibility to its users.
Despite its small size, employing between 2 and 10 people, Retemex has positioned itself as a competitive player in the telecommunications market. The company is known for its fast and reliable network, extensive coverage, and customer service available 24/7 through multiple channels.
Attack Overview
The ransomware attack on Retemex was claimed by the RansomExx group via their dark web leak site. The attack has led to the exposure of sensitive client data, including plaintext passwords. Storing passwords in plaintext rather than as salted hashes means every exposed credential is immediately usable, and this breach highlights significant gaps in Retemex's cybersecurity measures that made it an attractive target for sophisticated threat actors.
About RansomExx
RansomExx, also known as Sprite Spider, is a dangerous ransomware variant active since 2018. The group targets both Windows and Linux environments, employing a tactic known as "double extortion," where they encrypt files and threaten to publish stolen data if the ransom is not paid. RansomExx has been involved in high-profile attacks on major corporations and government agencies worldwide, including the Texas Department of Transportation and Ferrari.
Penetration Methods
RansomExx employs a range of sophisticated techniques to infiltrate and spread within target networks. These include compromised Remote Desktop Protocol (RDP) access, phishing campaigns, exploitation of vulnerabilities, and the use of tools such as PyXie, Cobalt Strike, and Vatet for post-compromise activity. The exact method used to penetrate Retemex's systems remains unclear, but the attack underscores the importance of effective cybersecurity measures.
Implications for Retemex
The ransomware attack on Retemex has significant implications for the company and its clients. The exposure of sensitive data could lead to identity theft and other malicious activities. Additionally, the breach may damage Retemex's reputation, affecting customer trust and potentially leading to financial losses.