Cyber Incident Victim: Gobierno Municipal de Chihuahua

Date: Sep 2022

Location: Mexico

Summary

A ransomware attack encrypted Office files within the municipal government's systems, disrupting administrative operations. Early detection allowed containment by isolating affected machines, though some files remained inaccessible. Recovery efforts began immediately, with gradual restoration of services expected; manual processing temporarily replaced certain digital transactions. Officials confirmed no data theft occurred and deemed internal involvement unlikely, emphasizing that compromised information was solely institutional. Legal teams prepared to file formal complaints regarding the incident, which impacted approximately 1,500 computers. Public services continued with alternative communication methods during restoration.

Description

On September 24, 2022, the Gobierno Municipal de Chihuahua experienced a cyberattack involving an encrypting virus targeting Microsoft Office files (Word and Excel) within its systems. Municipal officials, including Cabinet Secretary Arturo García Portillo and Planning and Government Innovation Director Verónica Rodulfo, confirmed the incident during a press briefing. The attack was detected at 14:25 hours that day while still in an early stage, prompting immediate containment measures. IT staff isolated active workstations to prevent further spread. Authorities emphasized no evidence suggested data theft or compromise of financial accounts or security systems. Initial analysis indicated the malware rendered infected files unmodifiable and unsaveable by encrypting them, though officials maintained the affected data consisted solely of institutional operational documents with no personal or sensitive content.

Response operations commenced on September 25 with Miguel Ángel López, Subdirector of Administrative Modernization, leading recovery efforts across approximately 1,500 municipal computers. Technicians prioritized restoring systems gradually to ensure security, with partial functionality returning within hours. The attack minimally impacted the Ventanilla Virtual digital services portal, as most of its ~50 daily transactions had already been processed before the infection. Manual procedures temporarily replaced affected digital services to maintain public operations, while internal communications shifted to alternative channels. Investigators considered both internal and external attack vectors but assessed a low probability of insider involvement. Legal teams initiated preparations for formal complaints to relevant authorities, though specific attribution remained undetermined at the time of reporting. Restoration efforts focused on isolating critical operational networks ("first layer" circuits) containing routine work files while continuing decryption attempts on compromised data.
