On August 27, 2020, Argentina’s Official Immigration Agency and the National Migration Office learned of a cyber-attack on their systems.
The Netwalker ransomware group demanded $4 million. As part of the government response, these agencies closed border crossings for hours.
The attack came via a virus that left ransom notes on agency computers. The program attached itself to Microsoft Windows and Office files and then hid in network folders.
Those responsible for the attack first demanded $2 million. When the immigration agency refused to pay, they upped their ask to $4 million, payable in bitcoin.
The Argentine Ministry of Public Finance described how several tech support calls alerted them to the crime:
At approximately 7 am on the appointed day (August 27), the Directorate of Technology and Communications (part of the General Directorate of Information Systems and Technology) received numerous calls from various control posts requesting technical support.
To halt further infection, officials shut down computer networks to give themselves time to resolve the problem. However, the shutdown also halted border crossings at migration checkpoints. Immigration officials waited four hours until the servers came back online.
Government sources stated that they will not negotiate with hackers and are not overly concerned about recovering data.
Presumably, Netwalker will not receive any ransom. Noble as that refusal may be, it also puts user data at risk. Historically, ransomware groups have published stolen data when refused payment.
Outside Argentina: Netwalker and Ransomware
These days, it’s common to find cyber-attacks on major businesses and government entities. Hackers have even hit hospitals with extortion. The Netwalker gang is already a well-known ransomware group. It’s estimated to have made more than $25 million from hijacking computers in 2020.
In recent months, other Latin American countries have been hit by large cyber-attacks. The State Bank of Chile found itself in a similar situation this week. However, in that case, the hackers used Sodinokibi ransomware, which rendered thousands of bank branches across the nation inoperative.
Elsewhere, Moises Broggi hospital in Catalonia, Spain, suffered a similar attack last weekend. A group of hackers demanded cryptocurrency in return for stolen user data. The attack interfered with patients’ treatment and may have led to negative health effects.
Interestingly, several groups of malicious hackers have pledged not to carry out digital robberies on hospitals during the COVID-19 pandemic. Still, there’s no guarantee that unscrupulous cybercriminals will take this opportunity to lay off.