The Netwalker ransomware attacked Argentina’s official immigration agency temporarily halting the border crossings for four hours.
The Netwalker ransomware attacked Argentina’s official immigration agency temporarily halting the border crossings for four hours.
According to a criminal complaint published by Argentina’s cybercrime agency, Unidad Fiscal Especializada en Ciberdelincuencia, the agency received numerous tech support calls from checkpoints at approximately 7 am on August 27th.
"This realised that it was not an ordinary situation, so it was evaluated the situation of the infrastructure of the Central Data Center and Servers Distributed, noting activity of a virus that had affected the systems MS Windows-based files (ADAD SYSVOL and SYSTEM CENTER DPM mainly) and Microsoft Office files (Word, Excel, etc.) existing in user’s jobs and shared folders," stated the complaint.
The computer networks used by immigration officers and control posts were shut down to prevent infecting of ransomware to further devices. The attack further led to a temporary suspension of border crossing for four hours while the servers were back online.
According to the National Directorate of Migration (DNM), the Comprehensive Migration Capture System (SICaM) that operates in international crossings was affected, which caused delays in entry and exit to the national territory.
Government sources confirmed that they would not negotiate with Netwalker ransomware operators who demand a $4million ransom. It claims that no sensitive, personal or corporate information has been compromised and they are not concerned about the decryption of stolen data.
According to BleepingComputer, the Netwalker ransomware operators initially demanded a $2million ransom to unlock the files, and the sum doubled after seven days.
Netwalker ransomware
The Netwalker strain was discovered in September 2019, and the operators have been very active during the Covid-19 pandemic to target organisations.
The threat actors initially leveraged phishing emails delivering a Visual Basic Scripting (VBS) loader, but later, Netwalker ransomware operators began exploiting vulnerable Virtual Private Network (VPN) appliances.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?