New data knocks down the version of the $ 76 million order. Justice investigates how the virus entered the system.
The clock keeps ticking. Every second that advances is one that is lost or that is allowed to run in the arm wrestling that the National Directorate of Migration and a group of international cybercriminals have been leading for days. Last August 27 defenses were breached the country and stole computer information from the offices that depend on the Ministry of the Interior.
That caused that, for more than three hours, Argentina was isolated from the world. No one left the country or was able to enter in that period in which the system was disconnected.
Now, as that countdown comes to an end, new data is known as a site specialized in computer security confirmed that the Netwalker ransomware that they managed to install on the systems demands about 4 million dollars in ransom. That is to say: about 400 million pesos.
Although the first figure that emerged was $ 76 million, computer security specialists had warned that it was an excessively high number for these cases, and that it was probably closer to the 355 bitcoins that, now, it is known that extortionists sue. As of Tuesday, it is the equivalent of 3,541,753 million dollars. The judge expires the term.
The information was published on Thursday of last week on a deep web site, where a countdown to the release of the information can be observed.
“Through a Netwalker link accessible by Tor [un navegador de la deep web] we can see that the initial demand was $ 2 million. After the course of seven days, she went up to 4 million, or about 355 bitcoins, as seen in the following image of the ransomware page of the National Directorate of Migration ”, Lawrence Abrams wrote on his computer security page Bleeping Report.
Abrams is a computer expert and, in particular, of this type of software that infected Migrations: ransomware, which usually asks for a sum of money in exchange for returning the hijacked information. For every extortion, Netwalker generates a link to make the payment.
The Interior Ministry confirmed to Clarín that the ransom figure ranges from 4 million dollars. They did so after several days in which the secrecy on the subject was maintained, after the judicial complaint that was in charge of Judge Sebastián Casanello.
The magistrate delegated the investigation of the case to the federal prosecutor Guillermo Marijuán, who in turn required the help of the Specialized Cybercrime Fiscal Unit, Horacio Azzolin.
The magistrate delegated the investigation of the case to the federal prosecutor Guillermo Marijuán, who in turn required the help of the Specialized Cybercrime Fiscal Unit, Horacio Azzolin. The complaint indicates that the virus affected Windows files (ADAD SYSVOL and SYSTEM CENTER DPM mainly) and Microsoft Office files (Word, Excel, etc.) of users’ workstations and shared folders.
“Having detected that the workstations had been attacked preventing the normal operation for the attention to the public, both in administrative headquarters and in checkpoints, in a preventive way the network services were suspended in order to prevent the propagation in the servers , which affected the operation of DNM applications, “Migrations added, Migrations added in the presentation, to which he had access Clarion.
One sensitive area suffered the attack more than others: Integrated Migration Capture System (SiCaM) that is used in international steps to detect whether people wanted by the Justice try to enter or flee Argentina.
The agency denounced the group of cybercriminals for four crimes:
–Extortion, due to the claim to purchase a program to decrypt stolen documents
–Aggravated damage, for the damages in the border crossings.
–Illegitimate access to a computer system with restricted access, due to the penetration of the DNM network.