{
	"id": "34bf8b5b-5222-4981-a35e-98412802657f",
	"created_at": "2026-04-06T00:19:36.189605Z",
	"updated_at": "2026-04-10T03:21:37.081608Z",
	"deleted_at": null,
	"sha1_hash": "32cf24bdf22f79065a041ce96104f324793c6750",
	"title": "Ecuador's state-run CNT telco hit by RansomEXX ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 4435654,
	"plain_text": "Ecuador's state-run CNT telco hit by RansomEXX ransomware\r\nBy Lawrence Abrams\r\nPublished: 2021-07-17 · Archived: 2026-04-05 13:52:12 UTC\r\nEcuador's state-run Corporación Nacional de Telecomunicación (CNT) has suffered a ransomware attack that has disrupted\r\nbusiness operations, the payment portal, and customer support.\r\nCNT is Ecuador's state-run telecommunication carrier that offers fixed-line phone service, mobile, satellite TV, and internet\r\nconnectivity.\r\nStarting this week, the CNT website began displaying an alert warning that they suffered an attack and that customer care\r\nand online payment are no longer accessible.\r\nhttps://www.bleepingcomputer.com/news/security/ecuadors-state-run-cnt-telco-hit-by-ransomexx-ransomware/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/ecuadors-state-run-cnt-telco-hit-by-ransomexx-ransomware/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nAnnouncement on the website about the cyberattack\r\n\"Today, July 16, 2021, the National Telecommunications Corporation, CNT EP, filed a complaint with the State Attorney\r\nGeneral's Office for the crime of “attack on computer systems \"so that the preliminary investigation is carried out and the\r\nresponsible,\" read the alert translated into English.\r\n\"This attack affected the care processes in our Integrated Service Centers and Contact Center; In this regard, we indicate to\r\nour users that their services will not be suspended for non-payment.\"\r\n\"We must inform our clients, massive and corporate, that their data is They are duly protected. We also inform that services\r\nsuch as calls, internet and television, operate normally.\"\r\nIf you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal at\r\n+16469613731 or on Wire at @lawrenceabrams-bc.\r\nCNT suffers RansomEXX ransomware attack\r\nWhile CNT has not officially stated that they suffered a ransomware attack, BleepingComputer has learned that the attack\r\nwas conducted by a ransomware operation known as RansomEXX.\r\nSecurity researcher Germán Fernández shared with BleepingComputer a hidden link to the group's data leak site that warns\r\nCNT that the gang would leak data stolen during the attack if CNT did not pay a ransom.\r\n\"Your time is LIMITED!\r\nWhen this time will come to end, there are two ways: we will RAISE the ransom amount or PUBLISH your\r\nfiles.\r\nYou will lose the opportunity to contact us after the data PUBLICATION.\r\nIf you REALLY WANT to prevent data leak, contact us RIGHT NOW.\r\nWe have downloaded 190GB+ of your files and we are ready to publish it.\" - RansomEXX.\r\nhttps://www.bleepingcomputer.com/news/security/ecuadors-state-run-cnt-telco-hit-by-ransomexx-ransomware/\r\nPage 3 of 5\n\nHidden RansomEXX data leak page for CNT\r\nThis page is currently hidden from the public and can only be accessed via the direct link. These hidden pages are\r\ncommonly included in ransom notes to prove that a ransomware operation stole data during an attack.\r\nIn CNT's press statement, the company states that corporate and customer data are secure and have not been exposed.\r\nHowever, the RansomEXX gang claims to have stolen 190 GB of data and shared screenshots of some of the documents on\r\nthe hidden data leak page.\r\nThe screenshots seen by BleepingComputer, include contact lists, contracts, and support logs.\r\nThe ransomware operation originally launched under the name Defray in 2018 but became more active in June 2020 when it\r\nrebranded as RansomEXX and began to target large corporate entities.\r\nLike other ransomware gangs, RansomEXX will compromise a network through purchased credentials, brute-forced RDP\r\nservers, or by utilizing exploits.\r\nOnce they gain access to a network, they will quietly spread throughout the network while stealing unencrypted files to be\r\nused for extortion attempts.\r\nAfter gaining access to an administrator password, they deploy the ransomware on the network and encrypt all of its\r\ndevices.\r\nAs is becoming common among ransomware operations, RansomEXX created a Linux version to ensure they can target all\r\ncritical servers and virtual machines.\r\nThe RansomEXX gang's has a history of high-profile attacks, including Brazil's government networks, Texas Department of\r\nTransportation (TxDOT), Konica Minolta, IPG Photonics, and Tyler Technologies.\r\nBleepingComputer has contacted CNT with further questions but has not received a response at this time.\r\nhttps://www.bleepingcomputer.com/news/security/ecuadors-state-run-cnt-telco-hit-by-ransomexx-ransomware/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/ecuadors-state-run-cnt-telco-hit-by-ransomexx-ransomware/\r\nhttps://www.bleepingcomputer.com/news/security/ecuadors-state-run-cnt-telco-hit-by-ransomexx-ransomware/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/ecuadors-state-run-cnt-telco-hit-by-ransomexx-ransomware/"
	],
	"report_names": [
		"ecuadors-state-run-cnt-telco-hit-by-ransomexx-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434776,
	"ts_updated_at": 1775791297,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/32cf24bdf22f79065a041ce96104f324793c6750.pdf",
		"text": "https://archive.orkl.eu/32cf24bdf22f79065a041ce96104f324793c6750.txt",
		"img": "https://archive.orkl.eu/32cf24bdf22f79065a041ce96104f324793c6750.jpg"
	}
}