TN Studios, one of Artear’s companies. Photo Art
After the cyber attack suffered on June 1 by Artear, the company that owns Channel 13, TN and other television channels of the Grupo Clarín, it became known who managed to access the systems. It is Hive, a gang of cybercriminals working with ransomware, a type of program that encrypts third-party files in order to demand money for their release.
Hive put the rumor to rest this Thursday morning by confirming the cyber attack. The gang uploaded a post in which they give information about the group.
Along with this information there are two links: one to download the data of users who no longer work at the company, and a second download address, which at the moment gives an error. The post also shows the date of the encryption: June 1st of this year, at 9:34 am.
Hive is a gang of cybercriminals extorting victims with ransomware. Their last major attack was on the Costa Rican public health system at the end of May this year. Microsoft also fell prey to Hive when Microsoft Exchange servers were compromised on April 20, 2022.
The note Hive posted on the dark web. Picture: Hive
“The Hive ransomware group is one of the most resonant of recent times. Using a Ransomware as a Service (RaaS) model and a large network of affiliates, they quickly compromise a diverse and vast number of industries around the world. Some researchers point out that they manage to breach on average three big companies every month,” Mauro Eldritch, architect and IT security consultant, explained to Clarín.
“Among its victims, besides Artear, there is one of the most followed Colombian television stations (CaracolTV); airlines such as Travira Air; oil companies like GuardFuel-GuardianFuel; industrial companies like XEIAD, Soucy or ChemStation; and even a Brazilian company that provides cybersecurity services, G&P,” he added.
They also fail to abide by an implicit rule that other cybercriminals follow: Don’t harm essential services. “They also attacked health care workers such as Goodman Campbell, the Missouri Delta Medical Center and the Memorial Health System, which resulted in the cancellation of surgeries and procedures in at least three hospitals,” he explains.
Since the attack was made public on June 1, some employees at various Artear companies, such as TN, have reported problems working. The difficulties were reported above all within the editorial offices, that is, in on-site work.
This was because the company restricted some access points to contain the attack, which slowed the equipment down and made daily work very difficult.
At the moment, the amount requested by the cybercriminals has not been disclosed.
What is ransomware
Ransomware is a type of program that encrypts information to extort money from users. Its name is a blend of two English words meaning “data ransom program”: ransom is the payment demanded to release something that has been seized, and ware is a shortening of the well-known word software. In other words, a data hijacking program. Ransomware is a sub-type of malware, which stands for “malicious software”.
Now, this type of program works by limiting access to parts of our personal information, or all of it. And in general, hackers use it to ask for something in return: money.
While some simple ransomware locks down the system in a simple way, more advanced variants use a technique called cryptoviral extortion, in which the victim’s files are encrypted, making them completely inaccessible.
In recent years, this form of extortion has become very popular with cybercriminals, putting business giants like Nvidia, Samsung, Capcom, Microsoft and Apple into trouble all over the world.
Locally, Mercado Libre, Globant and even Ingenio Ledesma fell prey to this type of extortion.
Even the Argentine state was not immune: in 2020, cybercriminals from a gang called Netwalker published sensitive data from Migrations of Argentina.
And in January of this year, the Senate of the Nation suffered a massive private data leak.
John Brodersen
Source: Clarin