Argentina’s official immigration agency, Dirección Nacional de Migraciones, suffered a Netwalker ransomware attack that temporarily halted border crossings into and out of the country for 4 hours.
Netwalker Ransomware:
NetWalker (also known as Mailto) is the name given to a family of Windows ransomware that has targeted corporate computer networks, encrypting the files it finds and demanding a ransom to recover the encrypted files.
Flooded IT support requests:-
While ransomware attacks against cities and local agencies have become all too common, this may be the first known attack against a federal agency that has interrupted a country’s operations.
Argentina’s cybercrime agency has filed a criminal complaint after the “Dirección Nacional de Migraciones,” Argentina’s official immigration agency, fell victim to the NetWalker ransomware gang on August 27, 2020.
The problem became immediately apparent on various border checkpoints that flooded the organization’s IT team with support requests at approximately 7 AM on August 27th.
“The Comprehensive Migration Capture System (SICaM) that operates in international crossings was particularly affected, which caused delays in entry and exit to the national territory,” the National Directorate of Migration (DNM) stated.
Ransom of $4 Million in BTC
During the ransomware attack, ransom notes left on the compromised devices contain links to a dark web payment site that explains how to purchase a decryptor, states the ransom amount, and describes any unencrypted files that were lifted during the attack.
According to researchers who examined the Netwalker dark web payment site, the ransomware operators initially demanded $2 million in BTC.
After 7 days passed, the attackers doubled their ransom demand to $4 million after the agency refused to cooperate.
This Tor site also includes a ‘Stolen Data’ page that displays a screenshot of data stolen from “Migraciones Argentina” during this attack.
According to a government source, “they will not negotiate with hackers, nor are they too concerned with getting that data back.”
Increase in Ransomware attacks?
Municipal governments and corporations suffer from ransomware frequently. At the end of 2019, an Argentinian data firm, San Luis, faced a ransomware attack in which 7,500 GB of data was encrypted, with the hackers asking anywhere from $37,000 to $370,000 to decrypt the files.
In July this year, Argentina’s largest telco company, Telecom SA, was targeted by a ransomware attack with hackers demanding a $7.5 million payout in the privacy-focused cryptocurrency Monero (XMR). The data was withheld for three days before the company was able to bring operations back up for its customers.
Indicators of Compromise:-
| Indicator | Value |
| --- | --- |
| MD5 | 993b73d6490bc5a7e23e02210b317247 |
| SHA-1 | 6fd314af34409e945504e166eb8cd88127c1070e |
| SHA-256 | de04d2402154f676f757cf1380671f396f3fc9f7dbb683d9461edd2718c4e09d |
| Vhash | 094056651d15756bz1!z |
| File Type | Win32 EXE |
| File Size | 94.00 KB (96256 bytes) |
| Names | ef3ff3f0.exe |
Countermeasure Steps:-
- Have an incident response plan in your organization
- Block the above hashes in your network
- Disable macro scripts
- Restore any impacted files from a known good backup.
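As an added example (not code from the article), a Python check that hashes every file under a directory and compares it with the indicators listed above; the hash, size and filename values are the article's, the function names are my own, and filename or size alone are reported only as weak signals since an attacker can change both trivially.

```python
import hashlib
import os

NETWALKER_HASHES = {  # indicators listed in the article above
    "md5": "993b73d6490bc5a7e23e02210b317247",
    "sha1": "6fd314af34409e945504e166eb8cd88127c1070e",
    "sha256": "de04d2402154f676f757cf1380671f396f3fc9f7dbb683d9461edd2718c4e09d",
}
NETWALKER_SIZE = 96256  # bytes, from the article
NETWALKER_NAME = "ef3ff3f0.exe"

def digest_chunks(chunks):
    """Compute md5/sha1/sha256 over an iterable of byte chunks in one pass."""
    hashes = {algo: hashlib.new(algo) for algo in NETWALKER_HASHES}
    for chunk in chunks:
        for h in hashes.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashes.items()}

def hash_file(path, chunk_size=1 << 16):
    """Hash a file without loading it fully into memory."""
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk_size), b""))

def match_indicators(name, size, digests):
    """Return the indicators a file matches (empty list = no match)."""
    # Hash hits are strong evidence; name and size are trivially changed
    # by an attacker, so they are reported but flagged as weak.
    reasons = [f"{algo} match" for algo, value in NETWALKER_HASHES.items()
               if digests.get(algo, "").lower() == value]
    if name.lower() == NETWALKER_NAME:
        reasons.append("filename match (weak)")
    if size == NETWALKER_SIZE:
        reasons.append("size match (weak)")
    return reasons

def scan_directory(root):
    """Walk root and return {path: reasons} for every file with a hit."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            try:
                reasons = match_indicators(fname, os.path.getsize(full), hash_file(full))
            except OSError:
                continue  # unreadable or vanished file; skip it
            if reasons:
                hits[full] = reasons
    return hits
```

Run `scan_directory("/path/to/suspect/share")` on a copy of the affected file system; a hash hit is worth isolating the host over, while a weak-only hit just needs a closer look.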