
Cyber Incident Victim: Servicio Nacional del Consumidor

Date: Aug 2022

Location: Chile

Summary

A ransomware attack targeted Chile's National Consumer Service (Sernac), disrupting its systems and online services. The ransomware encrypted files on Windows and VMware ESXi servers and appended the .crypt extension to them. The incident involved RedAlert ransomware, which employs double extortion tactics to pressure victims by threatening data leaks, though the group's leak site did not explicitly list the agency at the time. The attack compromised operational capabilities, forcing service interruptions while authorities investigated and shared indicators of compromise.


Description

On August 25, 2022, Chile’s National Consumer Service (Sernac) disclosed a ransomware attack that disrupted its systems and online services. The incident targeted Windows and VMware ESXi servers, with the ransomware encrypting files across compromised systems and appending the .crypt extension to affected filenames. Sernac, responsible for protecting consumer rights in Chile, experienced operational interruptions following the encryption of its infrastructure. Analysis by SecurityWeek indicated the attack likely involved RedAlert ransomware (also known as N13V), a relatively new threat employing double extortion tactics. This method combines file encryption with threats to leak stolen data unless a ransom is paid. At the time of reporting, RedAlert’s Tor-based leak site did not list Sernac or any Chilean government entity, suggesting no confirmed data publication had occurred. The Chilean Ministry of Interior publicly acknowledged the breach the preceding week, though Sernac remained the only specifically named agency.

Chilean authorities responded by releasing indicators of compromise (IoCs) to aid detection and analysis efforts. No ransom payment or negotiations were disclosed in available reports. The attack occurred amid a broader wave of ransomware operations targeting Latin American government entities, including Argentina’s Judiciary of Córdoba (hit by Play ransomware) and the Dominican Republic’s Agrarian Institute (compromised by Quantum ransomware). Sernac’s disclosure emphasized service disruptions but did not specify data theft volumes, financial demands, or recovery timelines. The incident highlighted continued threats to regional government infrastructure, following high-profile attacks like Conti’s operations against Costa Rica and Peru earlier in 2022. Chilean officials maintained standard incident response protocols without detailing additional containment or eradication measures beyond IoC dissemination.
