KillSec Targets Mexican Firms with Data Extortion

KillSec, a cybercriminal group, is threatening TMC, a hazardous materials transport company, with data leaks unless a ransom is paid. This follows a trend of similar attacks on companies with exposed servers. The incident raises alarms about cybersecurity vulnerabilities in Mexican businesses.


The cybercriminal group known as KillSec has put TMC, a Mexican company that transports hazardous materials and waste, at risk. KillSec has threatened to leak thousands of TMC's internal files unless the company pays a ransom in cryptocurrency within a six-day period. The group is known for finding open servers, extracting information, and then extorting companies by threatening to publish the data unless it receives the requested payment.

According to cybersecurity expert JayeLTee, KillSec's specialty is identifying vulnerable servers, which allows the group to access confidential information. In TMC's case, KillSec published a sample of documents on its leak site, including payment receipts, invoices, and financial records. Furthermore, it has been revealed that this group's modus operandi could lead to serious consequences for TMC, such as the exposure of its entire database on the dark web, the sale of financial information to fraud groups, or the disclosure of transport routes and logistics that would compromise the safety of shipments.

This incident recalls the case of Paz Mental, another Mexican company that suffered a data leak due to having a misconfigured server. In that case, thousands of sensitive medical records were exposed, putting vulnerable patients at risk of potential fraud and extortion. Both cases reflect a structural problem in cybersecurity among Mexican companies, which often neglect the protection of their cloud servers, making them easy targets for groups like KillSec.

Unlike other ransomware gangs, KillSec specializes in extortion rather than encrypting victims' files. The group identifies open servers and exploits this vulnerability to blackmail affected companies. In TMC's case, about 77,000 documents have been leaked, most of them related to financial matters such as invoices, payment receipts, and bank records. Additionally, references to key companies in sectors such as mining, logistics, and industry have been found, suggesting that sensitive financial data has been exposed.

It is concerning that TMC's server remains exposed and active, indicating that cybercriminals may continue to obtain information. This situation puts the security of the company and its customers at risk, highlighting the importance of taking measures to protect confidential information from potential leaks and extortion.