Ransomware Group Demands $4M in Bitcoin from Argentina, Border Activity Halted for 4 Hours

Shine Li   Sep 07, 2020 08:41

A Bitcoin ransomware attack was directed towards Argentina’s immigration agency, halting border crossing temporarily.

Netwalker Malware Strikes Again

It appears as though the notorious ransomware group Netwalker has struck again with their infamous cryptocurrency demands.

According to the computer support platform Bleeping Computer, this may be the first time that a cyber attack on a federal agency has effectively interrupted a country’s global operations. Argentina’s cybercrime agency—Unidad Fiscal Especializada en Ciberdelincuencia—caught wind of the Bitcoin ransomware attack when multiple checkpoints called in for tech support on August 27.

After further investigations from the Central Data Center and Servers Distributed, a virus infecting MS Windows and Microsoft Office files was discovered. The malware, Netwalker, is reputed to be a powerful virus used in numerous cryptocurrency ransom attacks in the past. It functions by encrypting documents using an Advanced Encryption Standard (AES) cipher, which is often leveraged by government bodies to protect classified information. Ransom notes were also found on the encrypted devices, and the Netwalker group made their demands through them.

In exchange for a safe release of the stolen private data, Netwalker hackers asked for a $2 million ransom in Bitcoin from Argentina’s immigration office. They also linked to a dark web payment site containing information about how to purchase a decryptor, sensitive data from their attack as proof that it happened, and the ransom amount. In an email to the immigration office, hackers said:

“Do not try to recover your files without a decryptor program, you may damage them and then they will be impossible to recover.”

As their crypto requests were not granted after several days, the hackers increased the ransom sum to $4 million in Bitcoin, which translates to roughly 355 Bitcoins (BTC). The Tor website through which they issued their demands read: “Payment expired! New price: 4,000,000 $ (355.87180000 BTC).”

Officials unfazed by Bitcoin extortion

To ensure that the ransomware attack did not spread to other servers, the immigration office of Argentina shut down its computer networks and temporarily suspended border crossing for four hours. Because some of the servers were particularly compromised, there were delays for entry and exit at the Argentinian border, as cybersecurity experts scrambled to resolve the issue.

Argentinian government officials were reluctant to comply with the ransomware hackers’ demands, disclosing to local news outlet Infobae that “they will not negotiate with hackers and neither are they too concerned with getting that data back.” Argentina’s immigration agency refused to be intimidated, calling the Netwalker ruse an extortion crime that could be punishable with 5-10 years of imprisonment.

Netwalker group is Bitcoin hungry

The Netwalker ransomware group has notoriously engaged in cybercrime since September 2019, with their most recent attack affecting the University of California, San Francisco. After a week-long negotiation, a sum of 118 Bitcoin was finally agreed upon between the educational institution and the ransomware group.

