Argentinian officials are refusing to negotiate with the cybercriminals who launched a ransomware attack on the country’s border control systems just over a week ago.
According to a report from local publication InfoBae, the attack took place on August 27 and was aimed at the computer network of the National Directorate of Migration, which is responsible for the functioning of immigration controls into the country.
The cybercriminals gained access to the department’s systems and encrypted a number of files across the network, which led to numerous support calls to the IT department of the Migration department.
According to a translated section of the report, the problems across the network were quickly evaluated, with the central data centre and distributed servers being affected by a virus which had targeted the Microsoft Windows files and Microsoft Office files located in employees’ local and shared folders.
Once the attack had been identified, the authorities decided to shut down the entire network to prevent any further encryption and theft of sensitive information. One of the major systems affected by the attack was the country’s Integrated Migration Capture System, which is used to register locals and foreigners entering and exiting the country and border control posts.
As a result of the attack and the effect it had on these systems, Argentina’s borders were effectively closed for around four hours while servers were restarted.
Criminal complaint filed
Following the incident, the National Directorate of Migration filed a criminal case that outlines the details of the attack.
The cybercriminals made use of the infamous Netwalker ransomware to encrypt and deny access to local files on computers across the department’s network. In keeping with Netwalker’s modus operandi, the attackers made direct contact with the department via email, demanding a ransom payment in order for the files to be returned and decrypted.
The department’s attorney alleges that the cybercriminals have engaged in extortion, which carries a sentence of five to ten years in prison in Argentina.
Government officials reportedly told InfoBae that they would not negotiate with the attackers and are not overly concerned about regaining control of the files that were affected by the ransomware attack. Officials say that the attack did not affect ‘critical infrastructure’ or any overly ‘sensitive, personal or corporate information’ that is stored in its systems.
$4mln ransom in Bitcoin demanded
A follow-up report from Bleeping Computer has revealed that the perpetrators of the attack have demanded over $4mln in ransom for the Argentine immigration department to regain control of and access to the encrypted files.
The website reports that it was given access to the Netwalker Tor payment page that shows the ransom note to the Argentine National Directorate of Migration. The initial ransom payment demanded $2mln from the department.
After a full week had passed, the ransom was doubled to $4mln, with payment to be made in Bitcoin amounting to 355 BTC.
Netwalker scores big in the year of COVID-19
As previously reported by The Daily Chain, security software firm McAfee estimates that the Netwalker ransomware has netted cybercriminals over $25mln worth of ransom payments in 2020 alone.
First identified in August 2019 as the ‘Mailto’ ransomware, Netwalker has steadily changed through different iterations that have crippled systems across the world.