The ransomware is a well-known strain called NetWalker. The Interior Ministry has already filed a complaint over the episode and accused the attackers of extortion. They are reportedly demanding about 76 million dollars.
A ransomware attack known as NetWalker seized information from the National Directorate of Migration (DNM), and the attackers threaten to publish this data from the Ministry of the Interior if a multimillion-dollar payment is not made. There is talk of 76 million dollars. The deadline is next Wednesday.
“Like other ransomware, NetWalker publishes excerpts of stolen data on a so-called ‘leak site’. If the victim does not pay, all of the stolen data is published. In this case, it will happen in a span of 5-6 days,” Brett Callow, threat analyst at the cybersecurity company Emsisoft, which confirmed the attack, explained to Clarín.
The data published in this case were disseminated through a screenshot showing folders that refer to the Federal Intelligence Agency (AFI), consulates, embassies and reports of migratory flows. It also shows the period of time in which the information will be published.
Sources at the Ministry of the Interior, headed by Eduardo “Wado” de Pedro, confirmed the computer incident to Clarín and said they had already filed a criminal complaint, which is now in the hands of Judge Sebastián Casanello.
The complaint, to which this outlet had access, reproduces the hackers' threatening message:
“Do not try to recover your files without a decryption program, you could damage them and leave them in unrecoverable condition. For us this is business and to prove our seriousness, we will decrypt a file for you at no cost. Open our site, upload the encrypted file and you will have the file decrypted for free. Also, your information may have been stolen and if you do not cooperate with us, it will become publicly available on our blog.”
As they explained, a virus entered a Migrations system. For security reasons, the system was disconnected to preserve the database, which meant that for three hours the five land border posts, the Ezeiza airport and the Buquebus terminal were without a system and closed during that period. That is to say: no one could enter or leave the country during those hours.
The alarm was raised when, at 7 a.m. on August 27, the Migration Systems area received numerous calls from various checkpoints requesting technical support. The number of reports, from different parts of the country, made it clear that it was not a normal situation, but a cybercriminal maneuver.
After the attack, a technical forensic examination was carried out and the operation was corroborated by checking against the database. That work documented which computers were compromised, and everything was included in the criminal complaint that Casanello is now investigating.
In this context, this international cybercriminal organization appeared asking for a multimillion-dollar ransom, and the court filing was expanded with this new information and the screenshots that now circulate on social networks.
For that reason, the accusation of extortion was added to the criminal case. “Experts tell us that it was not possible to access the database, but rather folders on different computers,” explained official sources. It is file 6853/2020, filed with the Specialized Cybercrime Prosecutor's Unit.
From what these screenshots show, the cybercriminals could have accessed files hosted on those computers on criminal intelligence and files of terrorists with prohibited entry into the country, but “not sensitive information,” they explain.
The image posted by the cyber attackers shows a screen with 22 folders with the following names: “ABM”, “AFI”, “CAJA”, “INTERPOL TRAINING”, “CEDULA ARGENTINA”, “CHINOS CORRIENTES”, “CONSULADO DE COLOMBIA”, “CONTRACTS”, “DELEGATION BETWEEN RÍOS”, “US EMBASSY”, “EMBASSY OF MEXICO”, “EMBASSY OF ROMANIA”, “EMBASSY OF THE PHILIPPINES”, “ESCANER_GRANDE”, “INTERPOL REPORT OF MIGRATORY FLOW”, “INTERNATIONAL INITIATIVE FROM ACCELER …”, “MEMO 31-15 DATA RECOVERY”, “MEMO 43-16 MOTA 37-15”, “MEMO 281 – 15 AFRICANS”, “MEMO 293-15”, “MEMO 1461 – 2015”.
The names of these files could point to information linked to the Federal Intelligence Agency (AFI), diplomatic information on various embassies, and even data from the international police organization Interpol.
Government officials compare the attack with the one suffered by Telecom last July. On July 19, ransomware affected the telephone company’s customer service systems. From Russia, the attackers had demanded a sum that was estimated at between 7.5 and 25 million dollars, but they did not succeed. It was similar, in turn, to the massive account hacking that high-profile personalities suffered in the United States in mid-July.
In parallel, Migrations officials pointed out, they are now working with Computer Security to see what went wrong and how hackers could breach the system. In addition, because of what happened, the director of Information Security in charge of the unit, who had been in that position for 25 years, was dismissed.