Hackers paralyzed the Argentine border crossing and demanded a $4 million BTC ransom

On August 27, a hacker group forced Argentina to temporarily close all border crossings through a ransomware attack. The group also stole sensitive data from government agencies and eventually demanded a BTC ransom worth about $4 million in exchange for a decryption program, but Argentine government officials refused to negotiate with the group.

According to Bleeping Computer on September 6, a group of hackers using the Netwalker ransomware virus invaded the Argentine Immigration Bureau (Direccion Nacional de Migraciones) on August 27 and initially demanded that the Argentine government pay $2 million to restore its servers.

“Your files have been encrypted,” reads the ransom demand attached to a Tor payment page sent to the immigration agency. “The only way to decrypt your files is to purchase the decryption program.”

The group released a selection of the agency’s sensitive data to identify the hackers who carried out the attack. A week later, the hackers raised the ransom demand to 355.8718 bitcoins — about $4 million at the time.

Argentinian news outlet Infobae reported that the attack succeeded in paralyzing all border crossings in and out of Argentina for four hours. During the closure, authorities took offline all computer networks used by immigration officials in regional offices and checkpoints. Government officials reportedly said that "they will not negotiate with the hackers" and were not concerned about recovering the stolen data.

While ransomware hackers are not restricted by national borders, the situation in Argentina is a rare example of a cyberattack affecting a national government agency.

Brett Callow, a threat analyst and ransomware expert at Emsisoft Malware Lab, told the media that this attack not only has the potential to cause damage, but also involves leaking extremely sensitive data to the public.

"This is particularly problematic in government situations, where extremely sensitive data may be involved, and in some cases even poses a risk to national security," Callow said. "With more than 1 in 10 ransomware attacks now involving data theft, and the list of hacker groups that regularly steal data growing, it's likely that incidents like this will become more frequent."
Source: Cointelegraph