Graphic image of a man stealing information from computers.domoyega (Getty Images)
Colombia was shocked this Thursday by the consequences of a massive cyber attack that affected numerous government entities for more than 48 hours. The web portals of the Judiciary, the Ministry of Health, the Superintendence of Industry and Commerce, the Superintendence of Health and many other organizations were offline for three days. The problem is so serious and complex that the person the government has tasked with solving it, Senior Advisor to the President for Digital Transformation Saúl Kattan, assures that he has no knowledge of how many companies are affected. In a telephone interview with EL PAÍS, he claims that “the information of millions of people is currently in the hands of criminals.”
Kattan heads the Unified Cybersecurity Command Post (PMU Ciber), which the government set up this Wednesday to combat the consequences of the hack together with IFX Networks, the multinational whose security was breached on Tuesday morning. But the news is not yet encouraging. Although the PMU Ciber and the company work with “technological experts at the highest level in the world,” explains the consultant, it is still impossible to know how long it will take to restore services. “The times are uncertain. You talk about hours, but hours can be days,” he admits. Cybersecurity expert Alejandro Navarro says that “after an attack of this type, it typically takes a company a month to re-establish itself.” However, he warns that the consequences could last three to six months.
This Wednesday, the judiciary, one of the most affected institutions, decided to “suspend the court sentences”. [el periodo de tiempo marcado para resolver un proceso judicial] throughout the national territory” until September 20th. The decision is due to the fact that the web portals are completely frozen, says defense lawyer Juan David Bazzani, so there is no way to see the status of the processes. “You can’t consult anything,” he adds. Given the crisis, the branch has set up an alternative emergency page that “works more or less well,” explains Bazzani. Correctional officer Fabio Humar, who has the same problems as his colleague, is not optimistic: “We can’t do anything. They say we should return to normality next week, but I highly doubt that.”
Other entities affected by the hack include the Ministry and the Superintendence of Health. Kattan warned this Wednesday in an interview with Blu Radio that “the health system is under control”. According to the consultant, the websites of many health centers and the EPS are down, preventing patients from making appointments and doctors from accessing medical records. The Ministry of Health has not commented on the situation.
The cyberattack began at 5:50 a.m. on Tuesday when software attacked several virtual machines owned by IFX Networks in Colombia, the company confirmed in an official statement. It was carried out using a ransomware-type file, a virus that invades devices, spreads “like wildfire” through their files and “hijacks user information,” says cybersecurity expert Navarro. Hackers usually do this to demand payment in return for restoring normality. Speaking to EL PAÍS, consultant Kattan assures that he does not know if those responsible for the cyberattack asked IFX Networks for money to restore services. “I don’t think the company can tell us, but the government is not in favor of paying premiums for absolutely nothing,” he said.
Subscribe to the EL PAÍS newsletter about Colombia here and receive all the important information about current events in the country.
Newsletter
Current events analysis and the best stories from Colombia, delivered to your inbox every week
GET THIS