Claro, the biggest telecoms brand in South and Central America, has disclosed that it fell victim to a ransomware attack. It appears that the telco group felt obliged to share the news after more than a week of disruption to services in several countries. Trigona claimed responsibility via a ransom note (pictured below) that was left on a Claro server.

The following tweet illustrates how the news was made public by Claro. This particular tweet was from the official account of Claro Guatemala.
February 2, 2024
Since February 2, similar messages have been posted by Claro’s accounts for Costa Rica, El Salvador, Honduras and Nicaragua as well as Guatemala.
Trigona is threatening to destroy or sell the data it has hijacked. Despite the threat to customers, Claro has been reluctant to share much more insight. The attack has reportedly made it impossible for customers to pay for Claro’s services through the telco’s app, as well as preventing the activation of new lines. Trigona’s deadlines for negotiations have elapsed but without any seeming agreement being reached between Claro and Trigona. The response of regulators has been mixed, with several announcing they are investigating the situation but none taking definitive action.
Trigona is a successor to users of the CryLock ransomware. They are believed to have begun operations in October 2022 and have already achieved a degree of infamy. A pro-Ukrainian group of white hat hackers stated that they had taken Trigona’s web servers offline in 2023, but evidently Trigona has resurrected itself since.
Claro is a brand of América Móvil, the telecoms business owned by Carlos Slim, the Mexican billionaire who has previously been the richest person in the world.



