Date: Oct 2022

Location: Ecuador

Summary

The Joint Command of the Armed Forces of Ecuador denied claims of a ransomware attack by the BlackCat group after its website became inaccessible, attributing the outage to preventive maintenance rather than a breach. Military cyber investigators confirmed no compromise of systems, dismissing BlackCat's leak site listing of the organization as a victim. BlackCat, linked to earlier ransomware operations like DarkSide and BlackMatter, has been implicated in numerous global attacks, with law enforcement agencies tracking its widespread activity. The incident occurred amid a broader pattern of ransomware operations targeting government and military entities across Latin America.


Description

On October 26, 2022, the BlackCat ransomware group listed the Joint Command of the Armed Forces of Ecuador on its leak site, prompting speculation of a cyberattack. This occurred amid regional ransomware incidents targeting government entities in Central and South America. Ecuador's military responded through an official Twitter statement on Saturday, denying any system compromise or data breach. The Cyber Defense Command conducted an investigation following the rumors and concluded that no digital systems or websites operated by the Joint Command had been compromised at any level. Military officials attributed their website's downtime to scheduled preventive maintenance described as a safety measure, with systems to be restored after unspecified technical work. No evidence of data theft or encryption was acknowledged, and the military did not confirm any communication with BlackCat operators.

The incident unfolded against a backdrop of escalating ransomware activity across Latin America, including confirmed attacks on the legislature of Argentina's capital in September 2022, Córdoba's Judiciary in August 2022, an unnamed government agency in Chile, and the Dominican Republic's departmental systems in late August. BlackCat's prominence as an emerging threat was noted, with the FBI documenting at least 60 confirmed attacks by the group as of March 2022. Historical connections were drawn between BlackCat and earlier ransomware operations like BlackMatter and DarkSide, though no technical evidence linked these groups to the Ecuador incident. The military maintained full denial of operational impacts beyond maintenance-related website unavailability, distinguishing its situation from contemporaneous regional attacks that disrupted government functions in Costa Rica and Brazil.
