Ransomware Gang Hacks Ecuador’s Largest Private Bank, Ministry Of Finance

A hacking group called ‘Hotarus Corp’ has hacked Ecuador’s Ministry of Finance and the country’s largest bank, Banco Pichincha, where they claim to have stolen internal data.

The ransomware gang first targeted Ecuador’s Ministry of Finance, the Ministerio de Economía y Finanzas de Ecuador, where they deployed a PHP-based ransomware strain to encrypt a site hosting an online course.

Ministerio de Economía y Finanzas de Ecuador website

Germán Fernández told BleepingComputer that the threat actors are using a commodity PHP ransomware called Ronggolawe (or AwesomeWare) to encrypt the site’s contents.

Soon after the attack, the threat actors released a text file containing 6,632 login names and hashed password combinations on a hacker forum.

Leaked login info for the Ministry of Finance

The ransomware gang told BleepingComputer that they have stolen “sensitive ministry information, emails, employee information, contracts.”

Targeted Banco Pichincha next

After the Ministry of Finance attack, Hotarus Corp hacked Ecuador’s largest private bank, Banco Pichincha.

The bank has confirmed the attack in an official statement but states that the breach affected a marketing partner and not its internal systems.

Banco Pichincha goes on to say that the attackers used the compromised platform to send phishing emails to customers in an attempt to steal the sensitive information needed to carry out “illegitimate transactions.”

The bank’s full translated statement can be read below.

“We are committed to protecting the privacy of our customers’ data. We know that there was unauthorized access to the systems of a provider that provides marketing services for the Pichincha Miles program. In relation to this information leak, and based on an extensive investigation, we have found no evidence of damage or access to the Bank’s systems and, therefore, the security of our clients’ financial resources is not compromised.

We know that, through a fraudulent email, the attacker sends communications on behalf of Banco Pichincha to some clients of said program in order to obtain information necessary to carry out illegitimate transactions. We remind our clients that we never request sensitive data such as: users, passwords, card or account data, through the phone, email, social networks or text messages.

We are taking measures to prevent and mitigate these types of situations related to the handling of data by our providers. We understand and share the concerns of the people whose information has been exposed, and we ratify our commitment to their security.” – Banco Pichincha

In an interview with BleepingComputer, the hacking group disputes the bank’s statement and says they used the marketing company’s attack as a launchpad into the bank’s internal systems. They then stole data and deployed ransomware to encrypt devices.

“Look at the attack on the bank, initially on a company that develops web applications and marketing to the bank, after analyzing codes and data it gave us the opportunity to access the bank’s internal systems, it was where we used a ransomware, extracting all the possible information.”

“Once inside we found vulnerabilities in their applications exploits in ftp and rdp ports which helped us to escalate privileges,” the threat actors told BleepingComputer.

Through this attack, the hacking group claims to have stolen “31,636,026 Million customer records & 58,456 Sensitive system records,” including credit card numbers.

As proof of their attack, the hacking group shared various images of the allegedly stolen data, including the following folder of files.

Allegedly stolen data from Banco Pichincha

BleepingComputer has not been able to verify the threat actors’ claims of stealing data from the Ministry of Finance or Banco Pichincha.

In it for the money

The threat actors have told BleepingComputer that they are performing these attacks solely for the money.

They state that they are not currently selling the data stolen from the Ministry of Finance but are in the process of selling credit cards they claim to have stolen from Banco Pichincha.

“Currently only the bank information is for sale, we have already sold about 37 thousand credit cards to a group dedicated to this, the information will be auctioned or sold initially for 250,000,” a Hotarus Corp operator told BleepingComputer.

We have reached out to Ecuador’s Ministry of Finance and Banco Pichincha to learn more about the attacks but have not heard back at this time.
