Cyber Incident Victim: Claro

Date: Jan 2024

Location: Colombia

Summary

A telecommunications company experienced a ransomware attack targeting certain computer systems, prompting immediate investigation and containment measures. The organization isolated compromised devices and proactively shut down additional systems to prevent further spread while activating alternative operational mechanisms. Restoration efforts are underway to return affected equipment to normal functionality, with expectations of full system recovery in the near term. Services continue through contingency protocols during the remediation process.

Description

On January 25, 2024, telecommunications provider Claro detected anomalous activity within its systems, prompting an immediate internal investigation. The company confirmed this activity constituted a ransomware incident affecting an unspecified number of computers. As part of established security protocols, Claro isolated the compromised devices and proactively shut down additional systems to contain potential spread. This defensive measure caused service disruptions, though the company did not specify which services or customers were impacted. Claro transitioned operations to alternative mechanisms to maintain service continuity while remediation efforts proceeded. Initial public communication occurred via social media channels, where the company acknowledged the attack and containment steps without attributing blame to any threat actor group.

Technical teams initiated restoration processes on affected equipment following containment. Claro expressed confidence in returning systems to normal operations "in the short term" but provided no specific timeline for full recovery. The company's Facebook statement emphasized operational continuity through backup methods while restoration continued. No data theft, financial demands, or threat actor identities were disclosed in available communications. Service impacts persisted during the recovery phase, though Claro's mitigation strategy prevented complete operational collapse. The incident remained under active management with no further public updates regarding forensic findings or long-term consequences beyond the immediate restoration work.
