Ransomware hackers shut down Argentina’s borders, demand $4M BTC

Published at: Sept. 7, 2020

Government officials in Argentina are refusing to negotiate with a ransomware group that forced them to briefly close all immigration checkpoints on Aug. 27.

According to a Sept. 6 report on Bleeping Computer, a group of Netwalker ransomware hackers breached Argentina's immigration agency, Dirección Nacional de Migraciones, on Aug. 27 and initially demanded a $2 million payment to restore its servers.

“Your files are encrypted,” stated a ransom note on a Tor payment page sent to the immigration agency. “Only way to decrypt your files is [sic] buy the decrypter program.”

The group posted a select batch of sensitive data from the agency as proof it was the one responsible for the hack. After a week, the actors increased the ransom to a 355.8718 Bitcoin (BTC) payment — roughly $4 million at the time. 

Argentinian news outlet Infobae reported that the attack effectively halted all border crossings into and out of the country for four hours. During the shutdown, authorities took all computer networks used by immigration officials at regional offices and checkpoints offline. Government officials reportedly said “they will not negotiate with hackers” and are not concerned with retrieving the stolen data.

Although ransomware hackers are not restricted by borders, the situation in Argentina is a rare example of a cyberattack affecting a national government agency. 

Speaking with Cointelegraph, Brett Callow, a threat analyst and ransomware expert at Emsisoft malware lab, said such attacks had the potential both to be disruptive and to involve the leaking of extremely sensitive data to the general public.

“In the case of government departments, this is particularly problematic as the data can often be extremely sensitive, and in some cases even represent a risk to national security,” said Callow. “More than 1 in 10 ransomware attacks now involve data theft, and the list of groups which routinely steal is steadily growing. Consequently, it’s very likely that incidents like this will become more and more common.”
