Argentinian immigration attacked by ransomware

The hackers demanded $4 million in bitcoin for decryptor as well as the deletion of the stolen files

Government officials from Argentina’s official immigration agency, the Dirección Nacional de Migraciones, have refused to negotiate with a group of ransomware hackers that forced the country to shut down all immigration checkpoints for a short period on August 27.

A report released on September 6 by Bleeping Computer, a tech news website, reveals that a group of Netwalker ransomware hackers had breached the Dirección Nacional de Migraciones and demanded a $2 million payment to restore their servers.

The hackers sent a ransom note using a Tor payment page. While they pegged their initial demand at $2 million dollars for the decryptor and the deletion of the stolen files, the amount was raised to $4 million after seven days.

A criminal complaint published by Argentina cybercrime agency, Unidad Fiscal Especializada en Ciberdelincuencia, revealed that the government first learned of the attacks after they received several tech support calls from checkpoints at around 7 am.

As proof that they were the group responsible for the hack, they also posted sensitive data from the agency.

Infobae, an Argentinian news outlet, reported that the scale of the attack forced the immigration agency to halt all border crossings in and out of the country for four hours. During this shutdown, the authorities also took all the computer networks that were used by immigration officials at regional offices and checkpoints offline.

The government officials have reportedly stated that they “will not negotiate with hackers”, and are not concerned with retrieving the stolen data.

While ransomware hackers are capable of striking anywhere in the world, this situation in Argentina is one of the rare examples that showcase how a cyberattack can cripple a national government agency. This may be the first known attack against a federal agency that has effectively interrupted a country’s operations.

Threat analyst and ransomware expert at Emsisoft malware lab, Brett Callow, said that these attacks pose a serious security risk.

“In the case of government departments, this is particularly problematic as the data can often be extremely sensitive, and in some cases even represent a risk to national security. More than 1 in 10 ransomware attacks now involve data theft, and the list of groups that routinely steal is steadily growing. Consequently, it’s very likely that incidents like this will become more and more common.”