Ministerio de Finanzas del Ecuador

Ecuador's Ministry of Finance and Public Credit is the central government entity responsible for the management of the nation's public finances. Its core mandate encompasses the formulation and execution of fiscal policy, including the preparation and administration of the national budget, management of state revenue through taxation and other means, and oversight of public expenditure. A key component of its role, as indicated by its full name, is the management of public credit, which involves handling government debt, negotiating loans, and regulating aspects of the country's financial relationships with international institutions and creditors. The ministry serves the entire Ecuadorian state, setting financial rules and guidelines that other government agencies must follow, thereby playing a critical role in the country's economic stability and development. Its operations are fundamental to the functioning of the public sector, ensuring funds are allocated and managed according to law and national strategy. The sensitive nature of its work means it processes and stores vast quantities of confidential data related to national financial planning, government contracts, employee records, and internal communications. As a high-value target within the national infrastructure, its systems are repositories for information that, if compromised, could have significant repercussions for government operations and national security. The ministry's activities place it at the center of Ecuador's fiscal landscape, directly influencing public services and economic policy.

The ministry's operational environment and the criticality of its data were starkly highlighted by a major security incident in February 2021. During this event, a ransomware group identified as Hotarus Corp successfully compromised the ministry's systems. The attackers deployed PHP-based ransomware to encrypt files, including an online course platform operated by the ministry, and exfiltrated a substantial volume of internal data. The stolen information reportedly included emails, employee personal details, internal contracts, and thousands of user login credentials, which the group subsequently leaked. This breach demonstrated the ministry's vulnerability to sophisticated cyber threats aimed at disrupting government functions and extorting money through data theft. The incident also involved a simultaneous attack on Ecuador's largest private bank, suggesting a coordinated campaign against the country's financial sector. The ransomware group stated their motivation was financial, claiming to have stolen millions of customer records and sensitive financial data from the bank, part of which was sold and the remainder auctioned. While independent verification of the full extent of the data theft was not available, the attack underscored the ministry's role as a custodian of highly sensitive national financial information and a prime target for financially driven cybercriminal organizations seeking to leverage such data for profit. The event served as a clear indicator of the persistent and evolving cyber threats facing critical government financial institutions.