Hackers Shut Down Argentina Border, Demand $4,000,000 Bitcoin Ransom

A group of hackers managed to briefly shut down a border crossing in Argentina after successfully launching a ransomware attack and stealing sensitive data.

The cybercriminals are demanding millions of dollars worth of Bitcoin after infecting the computer systems of Argentina’s border control agency, Dirección Nacional de Migraciones, reports BleepingComputer. A criminal complaint filed by Argentinian cybersecurity agency Unidad Fiscal Especializada en Ciberdelincuencia reveals that the government was alerted that an attack was underway after receiving calls from multiple checkpoints requesting tech support during an apparent NetWalker-style ransomware attack on their computer systems. 

“(The team) realized that it was not an ordinary situation, and evaluated the Central Data and Distributed Servers infrastructure, noting the activity of a virus that had affected the system’s MS Windows-based files (mainly ADAD SYSVOL and SYSTEM CENTER DPM) and Microsoft Office files (Word, Excel, etc.)  in users’ jobs and shared folders.” 

A NetWalker ransomware targets computer systems, encrypts files, and demands payment in digital assets for the safe return of the encrypted data.

According to Argentinian news site Infobae, border crossings were halted for four hours as the Comprehensive Migration Capture System (SICaM), which monitors international crossings, rebooted all their servers, causing delays for people entering or exiting the country. 

In addition, BleepingComputer reports that the original ransom demand was $2 million worth of BTC, but the hackers doubled their price to $4 million or 355 Bitcoin after 7 days. So far, it appears that the Argentinian government has not cooperated with the hacker. Infobae reports that the country’s government will not negotiate with the cyber thieves and it is worried about the safe return of the data.