According to a Sept. 6 report published by Bleeping Computer, Argentina’s National Migration Department had to suspend border crossing for four hours after being crippled by a ransomware attack that occurred on Aug. 27:
“The Comprehensive Migration Capture System (SICaM) that operates in international crossings was particularly affected, which caused delays in entry and exit to the national territory.”
A $4 mln Bitcoin ransom
Hackers were able to gain access to the database and steal information from the federal agency with the help of a powerful cryptovirus called Netwalker.
This ransomware strain, which was first discovered back in September 2019, uses sophisticated techniques to encrypt files with AES cipher.
Not to allow the ransomware to replicate itself on other computer networks, they had to be shut down.
Initially, the hackers demanded a $2 mln worth of Bitcoin to unlock files, according to the dark web payment page linked in their ransomware note. In one week, this sum increased to 355 BTC (around $4 mln at current exchange rates).
The extortion attempt isn’t faring well so far since the immigration agency refuses to negotiate with the attackers. It claims that no sensitive, personal, or corporate information has been compromised, and they are not concerned about decrypting the stolen data.
More high-profile attacks
In July, Telecom Argentina, the largest telecommunications company in the country, also became a victim of ransomware, with hackers requesting $7.5 mln worth of privacy-focused cryptocurrency Monero (XMR).
The attack lasted more than three days but Telecom Argentina was able to restore access to infected computers without having to shell out the hefty ransom.
As reported by U.Today, CWT, America’s fifth-largest travel company, agreed to pay $4.5 mln worth of BTC to extortionists in late July.