RansomHub Hacks Mexico’s Federal Website, Demands Ransom
A significant cyberattack has been reported in Mexico, with the hacker group RansomHub claiming responsibility for breaching the federal government’s official website, gob.mx, and stealing 313 GB of data. The announcement appeared on their dark web platform on November 15.
According to the cybercriminals, the stolen data includes contracts, insurance documents, financial records, and classified files. The group has given the government ten days to pay a ransom, threatening to release all the stolen materials if their demands are not met.
On their website, RansomHub has already published over 50 sample files, purportedly extracted from the federal employees’ database. These samples reveal full names, job titles, email addresses, photographs, and internal identification numbers of government staff.
The stolen documents include signed papers from 2023, such as communications addressed to Mexico’s IT and Communications Director Mario Gavini Morales, as well as a transportation services contract valued at approximately $100,000.
RansomHub is a relatively new player in the ransomware landscape, first making headlines in February 2024. According to researchers at Searchlight Cyber, the group has rapidly ascended to become one of the top three most active ransomware collectives this year, surpassing several well-established groups.
A report from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) indicates that RansomHub has breached more than 210 organizations since its emergence, targeting major corporations like Kawasaki Motors and Halliburton. Operating under a “Ransomware-as-a-Service” (RaaS) model, the group employs double-extortion tactics, stealing data and threatening its public release. RansomHub is also known to have previously operated as an affiliate of the larger ransomware group BlackCat (ALPHV).
The breach of Mexico’s government website underscores the growing vulnerability of even highly secured systems to new entrants in the cybercrime ecosystem. In a remarkably short time, such groups can scale their operations to rival traditional hacking collectives, successfully targeting critical government infrastructure on a national level.