Ransomware Attack Disrupts Barranquitas Municipality Services

Incident Date: Oct 28, 2024

Attack Overview
Victim: Barranquitas, Municipio Autónomo
Industry: Government
Location: Puerto Rico
Attacker: Eldorado
First reported: October 28, 2024

Ransomware Attack on Barranquitas Municipality: A Closer Look

The Municipality of Barranquitas, Puerto Rico, has recently been targeted by a ransomware attack claimed by the BlackLock group, formerly known as Eldorado. This incident highlights the persistent threat that cybercriminals pose to local government entities.

About Barranquitas Municipality

Barranquitas, officially known as Municipio Autónomo de Barranquitas, is a municipality located in the central mountainous region of Puerto Rico. Established in 1803, it serves as a vital administrative hub for its residents, providing essential municipal services through a virtual platform. The local government is deeply involved in community development and cultural activities, making it a cornerstone of the region's social and economic fabric.

The municipality's reliance on digital platforms for service delivery makes it a potential target for cyber threats. The attack on Barranquitas underscores the vulnerabilities inherent in municipal systems, which often lack the advanced cybersecurity measures found in larger organizations.

Details of the Attack

The ransomware attack, discovered on October 29, targeted the official website barranquitas.pr.gov. While the extent of the data breach remains unclear, the attack has disrupted the municipality's online services, affecting its ability to serve residents effectively. The incident is a stark reminder of the risks faced by government entities in the digital age.

Profile of BlackLock Ransomware Group

BlackLock, previously known as Eldorado, is a ransomware-as-a-service group that has quickly gained notoriety for its sophisticated malware. The group is known for targeting both Linux and Windows systems, with a particular focus on VMware ESXi servers. BlackLock distinguishes itself through its use of the Go programming language, enabling cross-platform attacks, and its employment of advanced encryption algorithms like ChaCha20 and RSA-OAEP.

The group likely penetrated Barranquitas' systems by exploiting unpatched vulnerabilities or through compromised Remote Desktop Protocol access. BlackLock's ability to adapt and rebrand itself reflects a broader trend among ransomware groups to evade detection and maintain operational effectiveness.

Implications for Municipal Cybersecurity

This attack on Barranquitas highlights the critical need for municipal governments to enhance their cybersecurity posture. As local governments increasingly rely on digital platforms, they must prioritize the implementation of comprehensive security measures to protect against sophisticated cyber threats like those posed by BlackLock.
