The official immigration agency of Argentina, Dirección Nacional de Migraciones, has suffered a Netwalker ransomware attack that temporarily halted border crossings into and out of the country for four hours. While ransomware attacks against cities and local agencies are nothing new, this is surely the first known attack against a federal agency that has put a major hold on a country's operations.
As per reports published by the cybercrime agency, the government became aware of the ransomware attack after it received many technical support calls from different checkpoints at approximately 7 AM on August 27th.
“Being approximately 7 a.m. of the day indicated in the paragraph above, the Directorate of Technology and Communications under the Directorate General Information Systems and Technologies of this Organization received numerous calls from various checkpoints requesting technical support.”
According to a report published by Bleeping Computer on September 6th, the national migration department had to suspend border crossings for 4 hours after the attack. The extensible Migration Capture System (SICaM), which aids in international crossings, was affected, causing delays in entry to and exit from the country.
Hackers managed to access the database and plundered information from the federal body. They did it with the help of a potent cryptovirus called Netwalker. This strain of ransomware first came to notice in September last year. It uses sophisticated methods to encrypt files with the AES cipher. The authorities did not want the ransomware to replicate and spread to other computer networks, and hence the networks had to be shut down.
In the beginning, the hackers demanded $2 million worth of Bitcoin to unlock the files, according to a link in the ransom note. But the authorities did not budge, which made the hackers revise their demand to 355 BTC converting to $ million as per current exchange rates.
The attempt to extort BTC has so far not gone well, with the immigration agency refusing every attempt at negotiation. To date, the authorities have confirmed that not even a single ounce of personal or corporate data has been compromised as a result of this attack. They are least concerned right now about decrypting the stolen data.
This is surely not the first time that ransomware attacks have been attempted in Argentina. In July this year, Telecom Argentina, the largest telecom player in the country, also came under a ransomware attack. The hackers went on to demand $7.5 million worth of a privacy-oriented cryptocurrency called Monero (XMR). The attack lasted for more than 3 days, but the telecom giant was able to regain access to the infected systems without paying the huge ransom.
CWT, the USA's fifth largest travel company, also had to face an attack, but sadly it agreed to pay $4.5 million worth of BTC to the attackers. This happened in late July.