The past couple of days have not been smooth sailing for Argentina’s immigration agency after a cybersecurity breach.
Hackers who paralyzed Argentina’s borders in a ransomware attack are demanding to be paid $4 million worth of bitcoin before they can decrypt the files.
Ransomware Extortionists Demand $4 Million In Bitcoin
A group of cybercriminals successfully initiated a ransomware attack on Argentina’s immigration agency, Dirección Nacional de Migraciones, which stole sensitive information and briefly stopped border crossing in Argentina.
The hackers are demanding millions in bitcoin in exchange for decryption instructions. As reported by Bleeping Computer on Sept. 6, the Argentinian government became aware of the ransomware scheme on August 27th, after numerous calls from the technical team at the border points suggested that the immigration agency’s computer networks had been infected with an unknown virus.
“(The team) realized that it was not an ordinary situation, and evaluated the Central Data and Distributed Servers infrastructure, noting the activity of a virus that had affected the system’s MS Windows-based files (mainly ADAD SYSVOL and SYSTEM CENTER DPM) and Microsoft Office files (Word, Excel, etc.) in users’ jobs and shared folders.”
To prevent the malware from spreading to other networks, they shut down all computer systems used by the immigration offices and control posts. Consequently, the border crossings were halted for four hours until the servers were brought back online.
The ransomware crooks, later identified as NetWalker, initially sought $2 million in bitcoin. A week later, they doubled the ransom to $4 million (or 355.8718 bitcoins at press time).
Argentinian Government Refuses To Negotiate With The Hackers
Despite the hackers’ crippling activities at the borders and stealing information, the Argentinian government has declined to pay the demanded ransom.
The authorities told local publication Infobae that the hackers did not get to the core systems of the immigration agency and did not access any sensitive information. As such, they are not planning to negotiate with the cybercriminals, nor are they too worried about retrieving the stolen information.