A group of Netwalker ransomware hackers breached Argentina’s official immigration agency, and demanded $4m ransom in bitcoin (BTC) to restore its servers.
Argentina‘s official immigration agency witnessed, on 27 August, a ransomware attack that interrupted the body’s operations.
It was not an ordinary situation, so we evaluated the situation of the infrastructure of the Central Data Center. We detected a virus in the systems MS Windows files and MS Office files in users’ jobs and shared folders.Translation of the complaint
To prevent further damage, the immigration agency shut down computer networks in immigration offices and control posts.
In a similar vein, Argentine government refused to negotiate with the hackers. The ransomware attack forced Argentina to temporally suspend border crossings for four hours until servers got back online.
We will not negotiate with hackers and neither they are too concerned with getting that data back.Government sources – Argentine news site Infobae
The Comprehensive Migration Capture System (SICaM) that operates in international crossings was particularly affected. This caused delays in entry and exit to the national territory.National Directorate of Migration (DNM)
Netwalker Demands $4M Ransom
When the Netwalker performs a ransomware attack, ransom notes will be left on devices that have been encrypted.
“Your files are encrypted,” said a ransom note on a Tor payment page sent to the immigration agency. “Only way to decrypt your files is [sic] buy the decrypter programme.”
Firstly, the Netwalker ransomware hackers demanded $2m to restore the immigration agency servers, BleepingComputer.com reported on 6 September.
However, after seven days, the ransom increased to $4m, or approximately 355 BTC.
The situation in Argentina is a rare example of a cyberattack affecting a national government agency.