Argentinian Immigration Agency Suffers Downtime Due to Ransomware Attack

Written by Bill Toulas
Last updated September 17, 2021

The “Dirección Nacional de Migraciones,” Argentina’s official immigration agency, fell victim to the NetWalker ransomware gang on August 27, 2020. The problem became immediately apparent at various border checkpoints, which flooded the organization’s IT team with support requests. This is the same gang that recently breached a cyber-security startup.

Related: Cyber Threat Startup ‘Cygilant’ Suffered a Ransomware Breach

The security incident caused a four-hour downtime during which no one and nothing could get in or out of the country. The details of what actually happened came through a criminal complaint that has now been published by Unidad Fiscal Especializada en Ciberdelincuencia, Argentina’s cybercrime agency.

When the immigration agency realized that the reports of technical problems came from multiple checkpoints, it took down the central data center to prevent the further distribution of the virus. Unfortunately, by then, the ransomware had already affected SYSVOL, System Center DPM, all MS Office documents stored on the servers, shared folders, and more. The drastic shutdown took offline the “SICaM” system, which is used for border crossings and helps officers register entries and exits as required by law.

The documents that have been encrypted and exfiltrated contain sensitive personal information about travelers, dating as far back as 2016, so the data breach aspect of this incident is pretty dire too. Of course, NetWalker needs this particular element in order to extort the Argentinian authorities and make them pay the demanded ransom. Still, in this case, this is not going to be that straightforward.

The agency’s attorney, Maria Eugenia Lachalde, has stated that NetWalker demanded a payment of $2 million, which was raised to $4 million after a week passed without a resolution. The payment was requested in Bitcoin and was to be processed through a Tor portal. The actors have posted screenshots of the stolen files to raise the extortion heat, but the Argentinian state has made it clear that it won’t budge.


Source: Bleeping Computer

On the contrary, they are initiating legal action against the hackers and have placed them at the higher end of the criminal ladder. Of course, this doesn’t mean much. Finding and arresting NetWalker actors remains a distant dream, not only for the Argentinian law enforcement authorities but also for the FBI and Europol.

Still, it sends the message that no negotiation will occur, even if this means innocent people will pay the price with yet another privacy breach loaded onto their backs.
