Home News NetWalker Ransomware Gang Holds Argentina’s Immigration Agency at Ransom

NetWalker Ransomware Gang Holds Argentina’s Immigration Agency at Ransom

covid-19 malware ransomware, netwalker ransomware

Argentina’s immigration agency, Dirección Nacional de Migraciones (DNM), suspended operations for over four hours after its systems were attacked by NetWalker ransomware. In order to free up the affected computers, the operators demanded $4 million worth Bitcoins in ransom. As per a local media report from Infobae, the government authorities said that they “will not negotiate with the hackers and neither are they too concerned with getting that (compromised) data back.”

 Key Highlights 

  • Hackers attacked Argentina’s immigration agency, Dirección Nacional de Migraciones (DNM) in the last week of August.
  • The immigration offices and control posts throughout the country had to be pulled offline for nearly four hours.
  • The SICaM system (Integrated Migration Capture System) used to track international crossings was heavily affected.

In the early hours of August 27, 2020, the DNM’s tech support started receiving multiple calls from various offices stating they were not able to access their Microsoft suite-based files (eg. Word, Excel). On closer inspection, the support team found that their computer systems, including Microsoft applications and shared folders, were hit by a computer virus, which incapacitated their operations. The IT team promptly took precautionary measures to contain the spread by shutting down their central server, which led to the four hours long service outage.

A Million Dollar Ransom Demand

According to the information shared by Bleeping Computers, NetWalker ransomware gang first demanded a ransom of $2 million in exchange of the decryption key. However, with no response from the government authorities, the gang decided to tighten the screws by increasing their ransom demand to 355 Bitcoins (accounting to nearly US$4 million) and releasing a sample of the leaked and encrypted data on the Tor site hosted by the cybercriminals.

Argentina: A Ransomware Hot Bed?

On July 18, 2020, an Argentine telecommunication services provider, Telecom Argentina, reportedly fell prey to a ransomware attack. The effects of the attack were first noticed when the Telecom’s employees started facing issues and lag in their systems while accessing the company’s VPN (virtual private network). The internal security systems instantly set-off the alarms but not before the ransomware was installed in over 18,000 workstations. According to reports and screenshots shared over Twitter, the ransomware gang demanded a ransom worth $7.5 million in Monero (XMR) cryptocurrency. Looking at the similarities in the modus operandi, some of the experts believe that the two attacks could have common perpetrators, although it is just an assumption.