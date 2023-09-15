Illustrative image of a man stealing information from computers. domoyega (Getty Images)

Colombia woke up shaken this Thursday by the aftermath of a massive cyberattack that, for more than 48 hours, has taken over numerous government entities. The web portals of the Judicial branch, the Ministry of Health, the Superintendency of Industry and Commerce, the Superintendence of Health and many other organizations have remained offline for three days. The problem is so serious and complex that the person the Government has commissioned to solve it, the senior presidential advisor for Digital Transformation, Saúl Kattan, assures that he does not have knowledge of how many entities are affected. In a telephone interview with EL PAÍS, he maintains that “the information of millions of people is in the hands of criminals at this moment.”

Kattan leads the Unified Cybersecurity Command Post (PMU Ciber) that the Government established this Wednesday to address the consequences of the hack together with IFX Networks, the multinational whose security was violated on Tuesday morning. But the news is not encouraging yet. Although the PMU Ciber and the company are working with “technological experts of the highest level in the world,” explains the counselor, it is still impossible to know how long it will take to restore services. “The times are uncertain. We talk about hours, but hours can be days,” he admits. Cybersecurity expert Alejandro Navarro says that “a company usually takes a month to reestablish itself after an attack of this style.” However, he warns of the possibility that the consequences could last three to six months.

This Wednesday, the Judicial branch, one of the most affected entities, decided to “suspend the judicial terms [el periodo de tiempo marcado para resolver un proceso judicial] throughout the national territory” until September 20. The decision is due to the fact that the web portals are completely frozen, says criminal lawyer Juan David Bazzani, so there is no way to consult the status of the processes. “You can’t consult anything,” he adds. Faced with the crisis, the branch has enabled an alternative emergency page that “is working more or less well,” explains Bazzani. The criminal lawyer Fabio Humar, with the same problems as his colleague, is not optimistic: “We can’t do anything. They say that next week we should return to normality, but I highly doubt it.”

Other entities hit by the hack are the Ministry and the Superintendence of Health. Kattan warned this Wednesday in an interview with Blu Radio that “the health system is in check.” According to the counselor, the websites of many health centers and EPS are out of service, so patients cannot make appointments and doctors do not have access to medical records. The Ministry of Health has not commented on the situation.

The cyber attack began on Tuesday at 5:50 in the morning, when software attacked several of the IFX Networks virtual machines in Colombia, as confirmed by the company in an official statement. It was carried out with a file of type ransomware, a virus that invades devices, spreads “like wildfire” through their files and “hijacks user information,” says cybersecurity expert Navarro. Hackers usually do this to demand payment in exchange for restoring normality. In conversation with EL PAÍS, Counselor Kattan assures that he does not know if those responsible for the cyberattack have asked IFX Networks for money to restore services. “I don’t think the company can tell us, but the Government is not in favor of paying rewards for absolutely nothing,” he said.

