Ransomware attack compromises data of millions of Guatemalans in the U.S.

Onyx ransomware hack in Guatemala has national security implications.

Cybercrime. (Credit: Towfiqu Barbhuiya, Unsplash)

Cybercrime. (Credit: Towfiqu Barbhuiya, Unsplash)

Ransomware cyberattacks are hitting not only the industrial sector in the United States, but also foreign governments, as seen in a September attack on Guatemala’s foreign ministry.

The Guatemalan Observatory of Cyber Crime, it was the VSOP Onyx ransomware group that hacked into the servers of the agency of the Central American republic.

There are fears that the hack may have also compromised Guatemala’s Ministry of Migration and the country’s database of its residents.

On September 19, the foreign ministry noticed the cyber-attack that it finally admitted publicly on October 8, following demands from media and politicians. The Observatory has stated that the ransomware group blocked users from using the foreign ministry’s system for several weeks, while extorting a payment in crypto currency or credit card charges.

Foreign Minister Mario Búcaro said on October 8 that a flaw was found in the ministry’s system in September, which meant that Guatemalans’ appointments at their government’s 24 consulates and consular offices in the U.S. were affected. He said that the system is now operational, but denied that passports or personal I.D. had been affected.

On October 26, the Guatemalan government declared that all information, communications, files, archives or documentation regarding the intrusion into the technical infrastructure of the Foreign Ministry is to kept secret for the next seven years.

Some observers criticized the government for classifying foreign ministry documents, arguing that it may include negotiations between Guatemala and neighboring Belize over Guatemala’s territorial claims which the government wishes to conceal.

 In the unresolved territorial dispute, which has festered since at least 1859 when Britain controlled the former British Honduras, Guatemala has claimed half of the territory of Belize, whose independence Guatemala recognized in the early 1990s.

According to Prensa Libre, Pedro Pablo Morales – an expert on migration issues – believes that the Guatemalan government is justified in its concerns over data that may jeopardize national security.

Morales said that the government was less than transparent by classifying the documents related to the ransomeware incident, while saying that citizens are justified to be concerned about hacked personal and consular data.

The foreign ministry has not issued statements about the data threatened by the ransomware attack. According to the Migration Policy Institute, at least 1.3 Guatemalan immigrants live in the United States, while there is also a sizeable community living in Mexico, where many fled during the country’s decades-long civil war. Some 3 million Guatemalans live in the U.S., of which only 400,000 have work authorization, according to Prensa Libre.

Fears grow in Guatemala that the personal information of Guatemalan expatriates may be misused by the hack, exposing personal information of both legal and illegal residents in the U.S. The information may include addresses, birth certificates of children born to Guatemalan immigrants in the U.S., as well as business information, emails, passports, as well as documents required by foreign governments.

Dragos, a cybersecurity firm, reported that at least 25 ransomware groups, including Onyx, Bianlian, Donuts, and Sparta Blog, are actively targeting industries:

“Ransomware continues to be one of the most threatening financial and operational risks to industrial organizations worldwide during the third quarter of 2022. Last quarter, Dragos assessed with high confidence that Q3 would witness an increase in ransomware groups’ evolving activities, the disruption of industrial operations, and the appearance of new or reforming ransomware groups. The assessment remains correct, except that Dragos is unaware of any significant industrial disruptions in Q3.”

Martin Barillas is a former diplomat. He is the author of a novel, Shaken Earth.

Topic tags:
Guatemala Belize national security crime ransomware