Posted on September 8, 2020 at 2:04 PM
A recent report reveals that some cybercriminals have succeeded in launching a ransomware attack on Argentina’s international borders. The attack led to the temporary shutdown of the borders, and the attackers are demanding a ransom in Bitcoin.
Dirección Nacional de Migraciones (DNM), Argentina’s immigration agency, was the main target of the attackers who caused the temporary halt of border crossings. According to the report on the incident, the hackers are demanding a $4 million ransom in Bitcoin, which is one of the safest means of financial transactions for criminals these days.
Networks and computer systems compromised
The Argentine government first reported the attack to the cybercrime agency in the country on August 27. The attack was deemed to bring to the light of the public after several border checkpoints were infiltrated and compromised by the cybercrime group, as reported by Bleeping Computer.
Border authorities found that their networks and computer systems, including shared folders and Microsoft applications, were attacked by an unknown virus in the early hours. The authorities quickly took action by shutting down the rest of the servers to prevent further infiltration of other systems.
As a result of the attack, all Argentinean control posts and immigration offices were rendered out of service for about four hours as the border authorities try to rectify the situation. However, they are now fully back online.
“The Comprehensive Migration Capture System (SICaM) that operates in international crossings was particularly affected,” DMM revealed.
The agency further stated that the incident resulted in delays within the national territory.
Attackers demand $4 million ransom in Bitcoin
After the attacks, the actors later identified themselves as WetWalker, a ransomware group involved in targeting corporate computer networks. Generally, the group has a particular attack pattern, which is to put a password or encrypt the network, making it difficult for the network owners to access their systems. Sometimes they steal important files and data from the systems and sell to the darknet if the ransom demands are not met.
The group can compromise different Microsoft applications, including Office, Excel, and Word, on the victim’s system. Once the attackers succeed, they usually demand a ransom from the victim if they wish to retrieve the password and decrypt the application.
Initially, the NetWalker hacking group sent a message demanding the victim to pay a ransom demand of $2 million to gain back control of their application and network. However, the amount was doubled a week later to $4 million, which is about 355 Bitcoin at the time. No one is sure why the attackers changed their minds and decided to ask for double what they demanded initially.
Officials do not plan to meet hackers’ demand
The Argentinean border officials are adamant and are standing on their ground that they don’t intend to meet the ransom demands by the hackers. They revealed their stance to Infobae, a local news outlet, saying they don’t have any intention of negotiating with the hackers. They also stated they are not too worried about retrieving the encrypted data.
The report on the hacking incident noted that attacks against city administrators and local businesses are very common. But the recent hit on the largest telecom companies in Argentina back in July is a rare one.
This one is also a first, as it affected the nation’s border control directly. Also, the hackers are demanding ransom payments in Bitcoin, which makes it the first instance in Argentine’s border control.
The steady rise of Ransomware attacks
There has been a huge surge in the number of ransomware attacks on business organizations and government institutions. In many of these attacks, hackers demand payments in cryptocurrencies. Such demands make it difficult to track the hackers due to the secured and decentralized nature of crypto transactions.
As a result, authorities are devising means of reducing the rate of money laundering and criminal transactions that use Bitcoin or other cryptocurrencies as the medium of exchange.
The attack on the Argentinean border is another example of hackers’ determination to continue compromising systems and demanding ransoms in exchange for the retrieval of the stolen data.
According to recent estimates, companies lose about $170 billion yearly from ransomware attacks. Recent victims include the University of Utah, travel management company CWT, and several health services actively involved in controlling the spread of coronavirus.