Researchers have found a new threat actor (TA) that uses the ChaCha20-Poly1305 algorithm for encryption. The newly discovered TA, CrossLock Ransomware Group, has claimed to have attacked the Brazilian IT & ITES company Valid Certificadora on April 16.
However, the leak site post seems to have been put together in a haphazard way, a researcher at the Cyble Research and Intelligence Labs (CRIL) told The Cyber Express.
“During our investigation of CrossLock Ransomware Group’s claims, we discovered that the affected organization’s description is inaccurate,” the researcher said.
CrossLock ransomware group and Valid claims
Valid Certificadora, a subsidiary of Valid S.A., provides security printing services to private and public agencies in Brazil, Argentina, and Spain.
Valid is authorized to issue ICP-Brasil digital certificates, which are essential for individuals and legal entities engaging in electronic relationships with companies and government agencies across various sectors in Brazil.
If the CrossLock ransomware group’s claims are true, they could have significant ripple effects on these users.
Valid Certificadora is the latest organization in the Brazilian IT sector to face a ransomware attack.
The Cyber Express has reported 47 attacks on the IT & ITES sector by 11 ransomware gangs in the first quarter of 2023.
CrossLock ransomware group, the latest to target Brazil
The Cyber Express has reported 47 instances of ransomware attacks on Brazilian firms in the first quarter of 2023. BlackByte was the most prolific ransomware gang, and the government sector was targeted the most.
This has been a continuation of the patterns of the corresponding period of 2022.
According to a half-yearly report by cybersecurity business Fortinet, Brazil experienced 31.5 billion cyberattack attempts from January to June 2022, a 94% increase over the same period in 2021.
The number of ransomware attacks in the South American region doubled from H2 2021 to H1 2022, with Mexico leading in ransomware distribution activity, followed by Colombia and Costa Rica.
The most active ransomware campaigns in the region were REvil, LockBit, and Hive, and Conti ransomware caused significant damage in Costa Rica.