A ransomware attack by the group RansomHub targeted the Mexican government’s Gob.mx platform, resulting in the theft of 313GB of sensitive data. The stolen data included government contracts, insurance information, and financial records. RansomHub threatened to release this data to the dark web unless a ransom was paid, giving the government a 10-day deadline. The incident is currently under investigation by Mexican authorities.
The compromised Gob.mx platform is a key government website that promotes innovation and provides essential information and services to the public. The scale of the data breach is significant, raising concerns about potential misuse of the stolen information and the potential impact on government operations and citizen trust. Check Point Research has identified RansomHub as the perpetrator, providing details of the attack in a Threat Intelligence Report, while Check Point's security solutions, such as Threat Emulation and Harmony Endpoint, offer protection against similar attacks.
This attack follows a recent cybersecurity incident affecting 13 Mexican airports. While the airport incident did not appear to have a material effect on operations, this new attack underscores significant vulnerabilities within Mexican government systems. The Mexican government is working to determine the precise extent of the damage and is actively investigating this incident. The undisclosed ransom amount and the potential consequences of the data release remain significant concerns.