According to a report published by BleepingComputer, a team of Netwalker ransomware hackers broke into the servers of Argentina’s immigration agency, Dirección Nacional de Migraciones, and demanded $2 million for the restoration of the country’s servers.
The hackers left a message for the immigration agency on a Tor payment page saying “Your files are encrypted.” They also demanded that the agency purchase a decrypter program to regain control of the servers. The hackers said, “Only way to decrypt your files is [sic] buy the decrypter program.”
The hacker group presented evidence of its control over the servers by publishing a chosen chunk of sensitive information. A week later, the hackers raised the ransom to 355.8718 Bitcoin (BTC), worth approximately $4 million during that period.
Argentine media outlet Infobae stated that the onslaught effectively stopped all transit across the Argentine borders for almost four hours. Through a shutdown of the system, authorities gained control of the computer networks used by immigration officers at regional offices and checkpoints, taking them offline.
Government officials responded firmly by refusing to “negotiate with hackers.” The officials also stated that they were not worried about regaining access to the stolen data.
In a Tor payment page seen by BleepingComputer, Netwalker originally demanded $2 million for a decryptor and the deletion of stolen files. After seven days, this amount increased to $4 million. pic.twitter.com/CTmjPHshVv
— BleepingComputer (@BleepinComputer) September 6, 2020
Although ransomware hackers face no physical restrictions because they operate in virtual space, the incident is noteworthy because it demonstrates the extent to which a cyberattack can affect a national government agency.
Brett Callow, a threat analyst and ransomware professional at the Emsisoft malware lab, stated that such attacks can cause unwanted delays in addition to exposing crucial data pertaining to the general public.
“In the case of government departments, this is particularly problematic as the data can often be extremely sensitive, and in some cases even represent a risk to national security,” said Callow.
“More than 1 in 10 ransomware attacks now involve data theft, and the list of groups which routinely steal is steadily growing. Consequently, it’s very likely that incidents like this will become more and more common.”