“Dear, we are infected and we are trying to recover the data, we are a Chilean non-profit organization which helps homeless people, we make the links of the doctors who do not have any benefit only to help. Please how can we recover the data”.
The message was sent via e-mail by Marco Bruna, computer scientist at the Medical College, in the midst of uncertainty. The recipients? Hackers who hours before had encrypted and hijacked the organization’s databases.
Information from affiliates and the institution’s accounting system were now in the hands of unknown cybercriminals, who quickly asked for a ransom to be paid in Bitcoins.
The events are now under investigation, after Colmed filed a criminal complaint last Friday against those responsible, for the crime of computer sabotage. This is the story.
A malicious virus
In the eight-page filing, the Medical College describes the events that occurred on September 11 at its premises in Santiago. The filing, submitted to the Seventh Capital Guarantee Court, details that everything was uncovered after Alejandro Román, an analyst engineer, tried to perform routine tests on institutional servers. The task proved impossible: he could not access them, for reasons that were unknown at the time.
The error was quickly reported to the association’s general manager, who in turn notified the entire IT team of the anomaly.
After remotely corroborating the failure, Marco Bruna, one of the staff professionals, traveled on Sunday, September 12, to the Colmed premises. There he found that it was not the failure of a recently installed switch, as he had suspected, but a computer virus that had damaged the institution’s files and local computers.
A day later an emergency meeting was called. All the agency’s IT team attended.
According to the complaint, the servers hosting the databases of registered doctors, the institution’s accounting system, and the computers of workers and other users that were active on September 11 were all infected. At the meeting, the professionals detected the presence of ransomware.
Simply put, it is malicious software that hijacks files, and sometimes computers, devices or entire networks, by encrypting them and preventing access to them. In plain Chilean, it “kidnaps” them.
After checking the infected computers, Bruna himself found a file called “ReadMe.txt”. Upon opening it, a message written in English appeared:
“Gentlemen! Your business is at serious risk. There is a significant gap in your company’s security system. We have easily penetrated your network. They should thank the Lord for being hacked by serious people, not by stupid schoolchildren or dangerous punks”, reads the header of the document that was found.
Next, the unknown individuals delivered a series of instructions so that the Medical College could recover the aforementioned files. All in exchange for paying an undetermined sum in Bitcoins.
“The final price depends on how quickly they write to us. Each day of delay will cost you in additional BTC. Nothing personal, only business”, they warn before saying goodbye.
With the files hijacked and without clarity on how to proceed, Bruna decided to send an email to two contact addresses that the hackers had left in the file. It reads as follows:
“Dear, we are infected and we are trying to recover the data, we are a Chilean non-profit entity which helps homeless people, we make the links of the doctors who do not have any benefit only to help. Please, how can we recover the data to be able to collect the money which we do not have, but I personally and a colleague who helps me will try to collect some money so that they can help us. Thank you so much.”
Mail sent by Bruna
The response was quick. The hackers retorted that they could recover the encrypted files only in exchange for 500k Bitcoins.
At Colmed they still do not know whether that means half a million dollars in cryptocurrency (US$500 thousand) or 500 thousand Bitcoins, a sum that would rise to the ridiculous amount of 27 billion dollars.
That is, more than the fortune of any Chilean billionaire.
Thus, through the filing, Colmed's lawyers ask the Public Ministry to send an investigation order to the Investigative Police and to take a statement from the entity’s IT staff to clarify what happened.
Asked by the BioBioChile Research Unit, the attorney representing the Medical College, Adelio Misseroni, clarified that the files did not contain sensitive personal information of the affiliates.
In addition, he said that some of the data has already been recovered and restored using the entity's own information and tools.
The progress of the investigation is now in the hands of the prosecution.