The attack began last 25 August against different servers operated by the affected agency. The attackers stopped the machines and added encryption to the files. According to researchers, The malware used in this attack also has credential-stealing functions on websites.
As is usually the case in these attacks, The attackers offered a communication channel to the victim to negotiate the ransomware payment to prevent the information from being leaked and the encrypted data from being decrypted. They threatened to carry out their threats on 3 days.
The Chilean CSIRT has not yet identified a person responsible for the attack nor provided enough details that could clarify the identification of the malware.
The government has recommended that entities use properly configured firewalls, update virtualization and Windows systems and make backups.
Fountain: Bleeping Computer