Tigo Paraguay hit by ransomware, BlackHunt gang suspected
Take action: Denying an ransomware attack is a very dumb move - especially if your customers are impacted and are seeing the issue. That is the best way for customers never to regain trust in you.
Learn More
Tigo, Paraguay's largest mobile operator and internet service provider, suffered a significant ransomware attack, which occurred on January 4 and severely affected its business operations. Apparently, approximately 300 servers in Tigo's data center were encrypted, impacting around 300 companies relying on their services, leading to a loss of phone services and hosted files.
This attack not only disrupted private sector operations but also possibly affected some government organizations. The Paraguayan Army's cybersecurity team has advised both public and private entities to enhance their network security.
Local media attribute this attack to a ransomware group known as BlackHunt. Fortinet, a cybersecurity firm, notes that BlackHunt not only encrypts data but also engages in secondary extortion by stealing files, though it does not maintain a dark web data leak site like some other ransomware groups.
Following the attack, Tigo denounced all reports about the incident as "fake news," a stance that has led to ridicule on social media, with some customers considering switching to other service providers.
