November 24, 2020

Netwalker Ransomware hit Argentina’s official immigration agency, demands a $4 million ransom

2 min read

In the past few years, vicious incidents such as ransomware attacks on enterprises, schools, and hospitals are not uncommon. Fortunately, in most cases, the attacked organizations are unwilling to pay high ransoms.

Because the more ransoms paid, the more ransomware and attackers are attracted. If most organizations pay, it will eventually lead to more and more rampant ransomware.

Unfortunately, there are actually many institutions that pay the ransom. For example, many well-known universities and local county governments in the United States have chosen to spend money to buy data after they were attacked.

This situation objectively caused more hackers to join the ransomware industry, recently Argentina’s official immigration agency was attacked by Netwalker ransomware.

According to Argentine media reports, at the end of August, the Argentine Border and Immigration Agency, an agency of the Argentine Federal Government, was attacked by ransomware and suspended for four hours.

The Argentine cybercrime investigation agency stated that its information system and communications bureau received a large number of calls from border checkpoints for technical support.

Later, the agency confirmed that the Argentine Federal Border Immigration Administration system was attacked. At that time, a large number of business support servers were encrypted by ransomware.

The main affected are servers running the Windows Server operating system, and a large number of Microsoft Office documents used for data sharing are locked. The interruption caused delays in processing work in and out of the Argentine territory.

Like other ransomware, the ransomware leaves the ransom message in the encrypted file after the attack is completed and requires the Argentine government to pay US$4 million.

Ransomware usually selects key organizations to launch attacks, which has a greater potential impact and is easier to force victim organizations to pay high ransoms as required.

However, the Federal Border Administration of Argentina seems to have data backup or other support systems, and most of the server support systems returned to normal after four hours of interruption.

The Argentine government stated that they will not negotiate with hackers or pay a penny, and even they don’t care about the encrypted data.

It seems that the data should be backed up in response to hacker attacks. If the data is not backed up, the potential consequences should be very serious.

Via: bleepingcomputer