RansomHub gang claims breach of Mexican government's official federal website
The RansomHub ransomware group has claimed a cyber attack against the Mexican government's official federal website (gob.mx).
The incident was claimed on November 15, 2024, when the threat actors listed the government domain on their dark web leak site. The hackers are asserting they have exfiltrated 313 gigabytes of sensitive data from the government's servers. The primary target appears to be the Legal Counsel of the Federal Executive Branch (CJEF).
The compromised data allegedly includes a wide range of sensitive government documents, including:
- Government Documents:
  - Contracts
  - Insurance documents
  - Financial records
  - Confidential files
- Personal Information of CJEF Staff:
  - Full names
  - Email addresses
  - Job titles
  - RFC (tax ID)
  - Employee headshots
  - Building assignments
  - Phone extensions
  - ID reference numbers
As evidence of the breach, RansomHub has released over 50 sample files, including a database of federal employees and signed government documents from 2023. Among the leaked documents is a transportation contract worth approximately $100,000 USD and correspondence addressed to Mario Gavina Morales, the Mexican government's Director of Information Technology and Communications.
The ransomware group has issued a 10-day ultimatum to the Mexican government to pay an undisclosed ransom amount before it publishes the allegedly stolen files in their entirety. No details have been disclosed about the number of affected individuals.
The government website continues to operate normally, and Mexican authorities have not yet released an official statement regarding the incident.
Update: As of November 20, 2024, Mexico’s president says the government is investigating the alleged ransomware hack of her administration’s legal affairs office.