Hackers demand $4 million worth of Bitcoin from Argentina after a ransomware attack on the country’s immigration agency
The hack can be disruptive and also involve the leaking of extremely sensitive data to the general public, say experts
Argentina’s official immigration agency, Dirección Nacional de Migraciones, is facing a Netwalker ransomware attack that forced it to briefly close all immigration checkpoints on August 27.
According to a September 6th report on Bleeping Computer, the hackers breached the government agency’s security walls and initially demanded a $2 million payment to restore its servers. A week after the hack, the actors increased the ransom to 355.8718 Bitcoin (BTC), worth roughly $4 million.
“Your files are encrypted,” stated a ransom note on a Tor payment page sent to the immigration agency. “Only way to decrypt your files is to buy the decrypter program,” it added. The hackers have also released a selection of sensitive data from the agency’s servers to prove that they are responsible for the hack.
The government first learned of the ransomware attack after receiving numerous tech support calls from checkpoints at approximately 7 AM on the day of the attack, the report stated. After realizing that the situation was not ordinary and noting that files, especially those based on MS Windows, were affected, the agency shut down the computer networks used by the immigration offices and control posts to prevent further damage.
“The Comprehensive Migration Capture System (SICaM) that operates in international crossings was particularly affected, which caused delays in entry and exit to the national territory,” the National Directorate of Migration (DNM) said.
While ransomware attacks against local agencies have happened before, this may be the first known attack against a federal agency that has interrupted a country’s operations. Government officials are presently refusing to negotiate with the hackers. The officials have also reportedly commented that they are not concerned about the stolen data.
Brett Callow, a threat analyst and ransomware expert at Emsisoft malware lab, told CoinTelegraph that such attacks had the potential to be both disruptive and involve the leaking of extremely sensitive data to the general public.
“In the case of government departments, this is particularly problematic as the data can often be extremely sensitive, and in some cases even represent a risk to national security,” said Callow.
“More than 1 in 10 ransomware attacks now involve data theft, and the list of groups which routinely steal is steadily growing. Consequently, it’s very likely that incidents like this will become more and more common,” he added.