Menu
Browse

Grupo Vanti

Primary URL Location Industry
grupovanti[.]com
Country Colombia
Energy Icon
Energy
Profile

Grupo Vanti is classified as an energy company.
The firm's headquarters are situated in Colombia.
It utilizes managed file transfer solutions as part of its information technology infrastructure.
The organization serves customers within the Colombian energy market.
Its operations are subject to national regulatory frameworks governing energy provision.

On January 1, 2023, Grupo Vanti was identified as a victim of a ransomware attack that exploited a vulnerability in Fortra's GoAnywhere managed file transfer software.
The attack was carried out by the Russia-linked Clop ransomware gang, which claimed to have compromised approximately 130 organizations worldwide.
Clop asserted that it exfiltrated sensitive data including employee information, tax documents, and healthcare records from the compromised entities.
While some affected organizations confirmed substantial data theft impacting millions of individuals, others maintained that only test or non‑production data was accessed.
Grupo Vanti did not publicly confirm or disclose any details regarding the extent of the breach or whether any data was actually exfiltrated from its systems.

The attackers used the stolen data as leverage for extortion, threatening to publish the information on their dark web leak site if ransom demands were not met.
This incident highlighted the widespread risk posed by unpatched vulnerabilities in third‑party file transfer platforms across multiple industries.
As a participant in the Colombian energy sector, Grupo Vanti's involvement underscored that critical infrastructure entities are not immune to such supply‑chain style attacks.
The company has not issued a public statement detailing any remedial actions, security upgrades, or changes to its file transfer practices following the event.
Consequently, the episode remains a notable example in the timeline of ransomware campaigns targeting Latin American organizations in early 2023.

Incidents
Linked incidents available to members
1 incident