The notorious Netwalker ransomware has sprung into action again. This time, Netwalker took the lead in what appears to be the first raid against a state agency that practically brought its operations to a temporary halt. The target, Argentina's Immigration Directorate (Dirección Nacional de Migraciones), reportedly did not pay any ransom, yet had to close the country’s borders for 4 hours to handle the crisis.
Escalating Ransom Amount
When Netwalker struck the agency on Aug. 27, it generated a ransom note on each infected device. The note told victims their data had been stolen and urged them to go to a Tor payment page for a decryptor. The cyber crooks in charge demanded $2 million, payable in Bitcoin, in exchange for a decryption tool. They also threatened to publish the stolen data on the Web unless they received the fee. Since Argentinian authorities refused to negotiate, no payment took place at the time. Seven days later, the required ransom amount shot up to the BTC equivalent of $4 million. The government reportedly decided not to bend to the hackers' will, regardless of the consequences. As a result, the crooks appear to have leaked at least a portion of the stolen data online.
As soon as Argentina’s national cybercrime department became aware of the attack, the government shut down the entire computer network deployed by the country's immigration directorate. The shutdown, which was a deliberate move on the government's part, fulfilled a dual purpose — it allowed officials to both clean up all infected devices and prevent Netwalker from spreading any further down the line. However, on the flip side, it blocked all incoming and outgoing border crossings for the next four hours. Checkpoints resumed normal operations following the cleanup.
Now that data-stealing ransomware attacks tailored to governments are becoming increasingly common, they pose significant risks of data leaks. While some data may be sacrificed, other data may not be so easy to give up, especially if it relates to national security, for instance. That is why cybersecurity should always be treated with the utmost seriousness unless countries are willing to lose millions in extortion every year.