24.2k unique visitors in the last 3 days

Ransomware Attack Hits Claro across Latin America

Services have been disrupted in Costa Rica, El Salvador, Guatemala , Honduras and Nicaragua.

Claro, the biggest telecoms brand in South and Central America, has disclosed that it fell victim to a ransomware attack. It appears that the telco group felt obliged to share the news after more than a week of disruption to services in several countries. Trigona claimed responsibility via a ransom note (pictured below) that was left on a Claro server.

The following tweet illustrates how the news was made public by Claro. This particular tweet was from the official account of Claro Guatemala.

Since February 2, similar messages have been posted by Claro’s accounts for Costa Rica, El Salvador, Honduras and Nicaragua as well as Guatemala.

Trigona is threatening to destroy or sell the data it has hijacked. Despite the threat to customers, Claro has been reluctant to share much more insight. The attack has reportedly made it impossible for customers to pay for Claro’s services through the telco’s app, as well as preventing the activation of new lines. Trigona’s deadlines for negotiations have elapsed but without any seeming agreement being reached between Claro and Trigona. The response of regulators has been mixed, with several announcing they are investigating the situation but none taking definitive action.

Trigona is a successor to users of the CryLock ransomware. They are believed to have begun operations in October 2022 and have already achieved a degree of infamy. A pro-Ukrainian group of white hat hackers stated that they had taken Trigona’s web servers offline in 2023, but evidently Trigona has resurrected itself since.

Claro is a brand of América Móvil, the telecoms business owned by Carlos Slim, the Mexican billionaire who has previously been the richest person in the world.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email