Hackers Breach Argentine Immigration Agency, Demand BTC Ransom

Ransomware Attack against Argentina's Immigration Agency

A group of Netwalker ransomware hackers breached Argentina’s official immigration agency and demanded a $4m ransom in bitcoin (BTC) to restore its servers.

What Happened?

On 27 August, Argentina’s official immigration agency suffered a ransomware attack that interrupted its operations.

The government first learned of the ransomware attack after receiving numerous tech support calls from checkpoints, according to a criminal complaint published by Argentina’s cybercrime agency.

It was not an ordinary situation, so we evaluated the situation of the infrastructure of the Central Data Center. We detected a virus in the systems MS Windows files and MS Office files in users’ jobs and shared folders.

Translation of the complaint


To prevent further damage, the immigration agency shut down computer networks in immigration offices and control posts.

The Argentine government also refused to negotiate with the hackers. The ransomware attack forced Argentina to temporarily suspend border crossings for four hours until servers came back online.

We will not negotiate with hackers, and neither are they too concerned with getting that data back.

Government sources – Argentine news site Infobae

The Comprehensive Migration Capture System (SICaM) that operates in international crossings was particularly affected. This caused delays in entry and exit to the national territory.

National Directorate of Migration (DNM)

Netwalker Demands $4M Ransom

When Netwalker carries out a ransomware attack, it leaves ransom notes on the devices it has encrypted.

“Your files are encrypted,” said a ransom note on a Tor payment page sent to the immigration agency. “Only way to decrypt your files is [sic] buy the decrypter programme.”

Initially, the Netwalker ransomware hackers demanded $2m to restore the immigration agency’s servers, BleepingComputer.com reported on 6 September.

However, after seven days, the ransom increased to $4m, or approximately 355 BTC.

The situation in Argentina is a rare example of a cyberattack affecting a national government agency.

Sally ElShorbagy
Sally ElShorbagy is a freelance journalist and translator who currently covers the future of cryptocurrencies and the digital economy revolution.