Argentina's Immigration Office was the victim of a ransomware attack that allowed hackers to steal important data and information from the agency at several checkpoints in the country.
Since August 27, the Migration Office, also known as Argentina's National Directorate of Migration (DNM), has been under a ransomware attack by a group of hackers known as NetWalker. Local media report that during the attack, hackers were able to hijack important data and information from the country's Interior Ministry, and are now threatening to publish the information if their demand is not met: the payment of a ransom of $4 million in Bitcoin.
During the attack, the National Directorate of Migration was forced to suspend border crossings and close all its operations for more than 4 hours, until the migration control systems were activated again. However, the threat from the NetWalker group continues. The hackers gave the migration authorities until next Wednesday to pay the requested ransom.
An attack on multiple border checkpoints in the country
Argentine government officials reported that since August 27 they have been receiving threats from the hacker group, which made multiple calls to the technical support staff of the Migration Office, forcing the staff to report the situation to the entity's government officials. According to reports, the hackers attacked several border control points throughout the country with ransomware specialized in stealing data and information. For this reason, the Migration Office was forced to close all immigration control systems.
The ransomware is affecting the main Data Control Center and all connected servers; although authorities claim that the data and information seized by the hackers is of intermediate importance, since it is information related to the Federal Intelligence Agency (AFI) of Argentina, as well as information belonging to consulates, embassies, migration flows and others.
Meanwhile, the hackers have been sending encrypted messages to request the ransom payment from the Migration Office. One of the messages indicates that the payment must be made in the cryptocurrency Bitcoin (BTC).
Likewise, the authorities carrying out the corresponding investigations indicated that the hackers initially requested a ransom of 2 million dollars in BTC, but that after a week of perpetrating the attack, the cybercriminals decided to double the requested amount, and are currently demanding a ransom of 4 million dollars in the cryptocurrency.
«From a Tor website shared by BleepingComputer, we have been able to verify that NetWalker (the creators of the ransomware) initially requested a payment of 2 million dollars from the agency.»
The image below clearly shows the ransom amount that the NetWalker hackers are demanding from the National Directorate of Migration.
NetWalker ransomware attack
Brett Callow, a cybersecurity expert at Emsisoft, claims that the ransomware used by the NetWalker hacker group has the ability to hijack information and publish “extracts of the stolen data.” This is done in order to intimidate victims into paying the ransom demanded for the information. According to the specialist, the excerpts are published on a leak site, which allows this ransomware to publish all the hijacked information if the victim of the attack does not pay the ransom within the established time.
In response to the situation, the National Directorate of Migration filed a criminal complaint with the Argentine courts, with the case being handled by Judge Sebastián Casanello. In the complaint, the Migration Office states that the hackers threatened to damage the seized files if the migration authorities try to recover the seized data by means other than those imposed by them, to the point of offering to decrypt a file for free to "prove their level of seriousness." Finally, the complaint states that if the requested amount in Bitcoin is not paid, the hackers threaten to make the stolen information public, although one media outlet reports that the authorities will not pay the ransom and are not concerned about the dissemination of the stolen information.