330 Servers Encrypted: Black Hunt Hits Latin American Firms

The Black Hunt Virus Strikes Paraguay’s Tigo Business

The Paraguay Ministry of Defense has issued a warning about the cyber threat posed by the Black Hunt virus, following a recent hacker attack on Tigo Business, a leading provider of cloud services and hosting. Tigo Business, a division of Tigo, the largest mobile operator in Paraguay, offers a range of digital solutions for businesses, including cybersecurity consulting, cloud hosting, and broadband network solutions.

Last week, Tigo Business experienced interruptions in its website services. However, the company only officially confirmed the security incident over the weekend, stating that a small group of customers were affected by the attack. Tigo Business clarified that the attack did not compromise the internet or Tigo Money electronic wallets, contrary to some inaccurate news reports.

According to reports, the hacker group behind the attack is known as Black Hunt. This relatively new group of extortionists has been active since the end of 2022 and often targets companies in South America. Their modus operandi involves gaining access to corporate networks and gradually escalating privileges until they can launch encryption attacks. The attackers clear Windows event logs and delete volume shadow copies and NTFS journals. They also disable Windows recovery and Windows Defender, and block Task Manager.

As a result of the attack on Tigo Business, more than 330 servers were encrypted, and backup copies were compromised as well. Encrypted files now have the extension [id].[email].hunt2. Additionally, each folder contains the files #BlackHunt_Redme.hta and #BlackHunt_Redme.txt, which provide information about the attack and an email address for contacting the attackers.
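
One way to scope affected folders from a file listing, using the extension and note names reported above. This is an added example, not code from the article or from any vendor; the listing is constructed, and treating the brackets in the extension as literal characters is an assumption.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Ransom note names exactly as the article spells them (compared lower-cased).
NOTE_NAMES = {"#blackhunt_redme.hta", "#blackhunt_redme.txt"}
# Assumption: the brackets in "[id].[email].hunt2" are literal characters.
SUFFIX_RE = re.compile(r"\.\[(?P<id>[^\]]+)\]\.\[(?P<email>[^\]]+)\]\.hunt2$", re.I)

SAMPLE_LISTING = [  # constructed sample data, not taken from the incident
    r"D:\shares\finance\q3.xlsx.[A1B2C3D4].[contact@example.invalid].hunt2",
    r"D:\shares\finance\payroll.db.[A1B2C3D4].[contact@example.invalid].Hunt2",
    r"D:\shares\finance\#BlackHunt_Redme.txt",
    r"D:\shares\finance\#BlackHunt_Redme.hta",
    r"D:\shares\hr\#BlackHunt_Redme.txt",
    r"D:\shares\it\runbook.docx",
    r"E:\backup\vm01.vhdx.hunt2",
]


def triage(paths):
    """Group a file listing by folder and collect Black Hunt artifacts per folder."""
    folders = defaultdict(
        lambda: {"encrypted": 0, "notes": set(), "ids": set(), "emails": set()})
    for raw in paths:
        p = PureWindowsPath(raw)  # parses Windows paths on any analysis host
        if p.name.lower() in NOTE_NAMES:
            folders[str(p.parent)]["notes"].add(p.name)
        elif p.name.lower().endswith(".hunt2"):
            entry = folders[str(p.parent)]
            entry["encrypted"] += 1
            m = SUFFIX_RE.search(p.name)
            if m:  # id/email are only recoverable from the bracketed form
                entry["ids"].add(m["id"])
                entry["emails"].add(m["email"].lower())
    return dict(folders)


def summarise(report):
    """Return (folder, status, encrypted_count) rows, most affected first."""
    rows = [(f, "encrypted" if e["encrypted"] else "note_only", e["encrypted"])
            for f, e in report.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0]))


if __name__ == "__main__":
    for row in summarise(triage(SAMPLE_LISTING)):
        print(row)
```

Folders reported as note_only hold a note but no files with the extension, which is worth a manual look before treating them as clean.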

Although the hackers claim in the #BlackHunt_Redme files to have stolen sensitive data, there is currently no evidence to support this claim.
