Argentinian Immigration Agency Suffers Downtime Due to Ransomware Attack

• The Argentinian immigration agency had to take its systems offline for four hours while dealing with malware.
• The actors who hit the agency belong to the NetWalker ransomware scheme, and they are demanding $2 million.
• The Argentinian state isn’t willing to strike a deal with criminals, so traveler PII will soon be leaked online.

The “Dirección Nacional de Migraciones,” Argentina’s official immigration agency, has fallen victim to the NetWalker ransomware gang on August 27, 2020. The problem became immediately apparent on various border checkpoints that flooded the organization’s IT team with support requests. This is the same gang that recently breached a cyber-security startup.

Related: Cyber Threat Startup ‘Cygilant’ Suffered a Ransomware Breach

The security incident caused a four-hour downtime during which no one and nothing could get in and out of the country. The details of what actually happened came through a criminal complaint that was now published by Unidad Fiscal Especializada en Ciberdelincuencia, Argentina’s cybercrime agency.

When the immigration agency realized that the reports of technical problems came from multiple checkpoints, they took down the central data center to prevent the further distribution of the virus. Unfortunately, by then, the ransomware had already affected SYSVOL, system center DPM, all MS Office documents stored on the servers, shared folders, and more. The drastic shutting-down response took offline the “SICaM” system, which is used for border crossings, helping the officers register entries and exits as required by law.

The documents that have been encrypted and exfiltrated contain sensitive personal information about travelers, dating as far back as in 2016, so the data breach aspect of this incident is pretty dire too. Of course, NetWalker needs this particular element in order to extort the Argentinian authorities and make them pay the demanded ransom. Still, in this case, this is not going to be that straight forward.

The agency’s attorney, Maria Eugenia Lachalde, has stated that NetWalker demanded a payment of $2 million, which was raised to $4 million after a week passed without a resolution. The payment was requested in Bitcoin, and the processing was to be made on a Tor portal. The actors have posted screenshots of the stolen files to raise the extortion heat, but the Argentinian state has made it clear that it won’t budge.

On the contrary, they are initiating legal action against the hackers and have placed them at the higher end of the criminal ladder. Of course, this doesn’t mean much. Finding and arresting NetWalker actors remains a lucid dream, not only for the Argentinian law enforcement authorities but also for the FBI and the Europol.

Still, it sends the message that no negotiation will occur, even if this means innocent people will pay the price with yet another privacy breach added on their backs.