Chilean government warns of Black Basta ransomware attacks after customs incident

The government of Chile warned of ransomware attacks by a notorious gang of hackers after its customs department dealt with an incident on Tuesday.

Officials from the Servicio Nacional de Aduanas de Chile — the government department in charge of foreign trade, imports and more — said on Tuesday afternoon that they were able to prevent a cyberattack from progressing after discovering the incident.

“After detecting a security incident on our computer teams, we have taken all necessary preventive measures to not expose our computer teams and systems to potential vulnerabilities,” they said on several social media sites.

“All security measures and protocols established by the Computer Security Incident Response Team (CSIRT) of Ministerio del Interior y Seguridad Pública are already in place. Thanks to the work of our IT teams, this incident will not affect the operational continuity of the Service and we are taking all necessary measures to continue operating at the different control points in the country.”

In a follow-up message, the country’s Computer Security Incident Response Team (CSIRT) confirmed it was a ransomware attack and specified that the incident involved the Black Basta ransomware group — which has added dozens of new victims to its leak site this week.

The CSIRT warned all of the country’s government bodies that the ransomware was found “in a limited part of the digital infrastructure of the National Customs Service.”

They urged all government agencies to verify that backup copies of systems are protected and separated from the rest of the network. Agencies also need to audit the number of administrative accounts and more generally limit the number of people with administrative permissions.

They provided a range of other actions that should be taken as the government continues to monitor the network for any signs of further attack.

Chile has faced several cyberattacks and ransomware incidents in the last year. The CSIRT said last August that an unnamed government agency was affected by the ransomware campaign targeting Microsoft tools and VMware ESXi servers while their consumer protection agency announced that it too was hit with ransomware in April 2022.

The country’s Atacama Large Millimeter Array — one of the world’s largest astronomical observatories — was also hit with a cyberattack last year. While never confirmed, a ransomware gang leaked documents stolen from Chile’s military in June.

The attack comes as U.S. officials are set to convene a ransomware task force later this month populated with representatives from 45 countries. Senior Biden administration officials want the countries to pledge never to pay ransoms associated with ransomware attacks.