Ransomware hackers shut down Argentina’s borders, demand $4M BTC

Officials shut down border checkpoints for 4 hours on Aug. 27

Government officials in Argentina are refusing to negotiate with a ransomware group that forced them to briefly close all immigration checkpoints on Aug. 27.

According to a Sept. 6 report on Bleeping Computer, a group of Netwalker ransomware hackers breached Argentina's immigration agency, Dirección Nacional de Migraciones, on Aug. 27 and initially demanded a $2 million payment to restore its servers.

“Your files are encrypted,” stated a ransom note on a Tor payment page sent to the immigration agency. “Only way to decrypt your files is [sic] buy the decrypter program.”

The group posted a select batch of sensitive data from the agency as proof it was the one responsible for the hack. After a week, the actors increased the ransom to a 355.8718 Bitcoin (BTC) payment — roughly $4 million at the time. 

Argentinian news outlet Infobae reported that the attack effectively halted all border crossings into and out of the country for four hours. During the shutdown, authorities took all computer networks used by immigration officials at regional offices and checkpoints offline. Government officials reportedly said “they will not negotiate with hackers” and are not concerned with retrieving the stolen data.

Although ransomware hackers are not restricted by borders, the situation in Argentina is a rare example of a cyberattack affecting a national government agency. 

Speaking with Cointelegraph, Brett Callow, a threat analyst and ransomware expert at Emsisoft malware lab, said such attacks had the potential both to be disruptive and to involve the leaking of extremely sensitive data to the general public.

“In the case of government departments, this is particularly problematic as the data can often be extremely sensitive, and in some cases even represent a risk to national security,” said Callow. “More than 1 in 10 ransomware attacks now involve data theft, and the list of groups which routinely steal is steadily growing. Consequently, it’s very likely that incidents like this will become more and more common.”