facebook no scriptEcuador's state-run CNT under attack via RansomEXX Ransomware | Secure Blink
Corporación Nacional de Telecomunicación
Ecuador's state-run CNT under attack via RansomEXX Ransomware
CNT hit by RansomEXX ransomware. Customer and corporate data compromised and hosted on the breached website. 190 GB of data supposedly stolen...
18 July 2021
3 min read

Ecuador's CNT (Corporación Nacional de Telecomunicación), run by the state, faced a massive ransomware attack that caused havoc in the business operations, the payment gateway, and the company's customer support portal. CNT is an Ecuador-based telecommunication company that provides fixed-line phone services, satellite TV, and Internet connectivity services.

This week, the corporation's website started notifying users about a ransomware attack they suffered and that the customer support and payment portals were not accessible. The alert notification on the website read, "The National Telecommunications Corporation, CNT EP, filed a protest to the State Attorney General's Office regarding the ransomware attacks on company's computer systems. The initial investigation is going on and, the person behind this incident will be held responsible."


The notification also stated that the incident impacted the care processes in the company's Service centers and Contact portals and, the services of users will not be suspended. They also notified the users that, "The privacy and security of their data is our highest priority and, we are consistently working to secure it.'

CNT has not disclosed the source of the ransomware attacks yet, but Bleeping computer reported that the attack was organized by a ransomware operation called RansomEXX. Germán Fernández, a security researcher, shared a link to the group's data breach website that blackmails CNT about leaking the stolen data if the ransom is not paid. These pages are only accessible via these links hidden in ransom notes.


In an official press release, CNT stated that "The customer and corporate data are safe and have not been compromised." However, the ransomEXX gang claims to have abstracted 190GB of data from CNT and, they have posted several screenshots as proof on the data leak website. These screenshots include contact lists, contracts, and critical corporate data.

The ransomware campaign initially began in 2018 as 'Defray' but became more dynamic in June 2020 under the name 'RansomEXX' when they started scamming high-profile targets. The ransomware spreads throughout the victim's network stealing unencrypted files after its initial deployment.

The RansomEXX gang has a record of targeting prominent corporations across the world like Brazil's government networks, the Texas Department of Transportation (TxDOT), Konica Minolta, IPG Photonics, and Tyler Technologies. The investigation is still ongoing, and CNT is not responding to any questions related to the incident at this time.