- Hackers compromised Argentina's immigration agency with ransomware and demanded $4 million in Bitcoin.
- The attack put immigration offices and control posts out of service for four hours.
- The attackers were later identified by authorities as NetWalker, a ransomware operation that targets corporate computer networks.
Argentina’s immigration agency, Dirección Nacional de Migraciones (DNM), was the victim of a ransomware attack that temporarily halted border crossings, with hackers demanding $4 million in Bitcoin.
The attack was first reported by the Argentinean government on August 27 to the country’s cybercrime agency, after multiple calls from border checkpoints suggested their computer networks were compromised, according to security news site Bleeping Computer.
Border authorities found that their computer systems, including Microsoft applications and shared folders, were hit by an unidentified virus in the small hours. They took swift action and shut down central servers to prevent the virus from propagating to other systems.
As a consequence, all Argentinean immigration offices and control posts were put out of service for four hours until they were brought online again.
"The Comprehensive Migration Capture System (SICaM) that operates in international crossings was particularly affected, which caused delays in entry and exit to the national territory," the DNM stated.
Ransomware attackers demand $4m in Bitcoin
The attackers were later identified by authorities as NetWalker, a ransomware operation that targets corporate computer networks. Its usual pattern of attack is to encrypt—or put a password on—all Microsoft applications, such as Word, Excel, and Office, on the victim’s network. A ransom is then demanded in return for the password.
The NetWalker hackers who attacked Argentina’s immigration agency flashed a payment message leading to a Tor network page, demanding $2 million in Bitcoin as ransom. This figure was then changed to $4 million after seven days, approximately 355 Bitcoin at the time, as per the report.
In a Tor payment page seen by BleepingComputer, Netwalker originally demanded $2 million for a decryptor and the deletion of stolen files. After seven days, this amount increased to $4 million.
— BleepingComputer (@BleepinComputer) September 6, 2020
However, the officials didn’t budge. They told local news outlet Infobae that they "will not negotiate with hackers and neither are they too concerned with getting that data back."
The report noted that while cyberattacks against local businesses and city administrations are commonplace—indeed, one of Argentina's largest telecoms companies was hit by a ransomware attack in July—this instance may have been the first involving Bitcoin to have directly affected a nation’s border controls.
Ransomware has boomed in recent years, with hackers frequently demanding payments in Bitcoin or other cryptocurrencies. Recent estimates suggest that the cost of ransom attacks to companies totals around $170 billion annually; recent victims include travel management firm CWT, the University of Utah (another NetWalker victim) and even vital health services responding to the coronavirus pandemic.