Argentina’s border crossings shut down for over four hours on August 27 following the attack.

Dirección Nacional de Migraciones, Argentina’s official immigration agency, suffered a Netwalker ransomware attack in late August. According to Bleeping Computer, which quoted from a criminal complaint published by Unidad Fiscal Especializada en Ciberdelincuencia, Argentina’s cybersecurity agency, the government was alerted of the attack when border checkpoints started calling up with technical problems early in the morning on August 27.

MS-Windows and MS Office affected

The complaint stated that the virus affected the systems MS Windows-based files (ADAD SYSVOL and SYSTEM CENTER DPM mainly) and Microsoft Office files (Word, Excel, etc.) existing in users’ jobs and shared folders.

The government and the immigration agency shutdown computer networks including servers to prevent the ransomware virus from proliferating further by infecting new computers.

The shutdown of the computer network led to a temporary suspension of border crossings for four hours.

A ransom demand of $4 million

The Netwalker criminals reportedly made an initial ransom demand of $ 2 million. Apparently, the government refused to negotiate with the hackers and said they are not concerned about getting the data back.

After seven days, the attackers increased the ransom demand to $ 4 million, approximately equivalent to 355 bitcoins.

The “Invoice” showed its status as “waiting for payment” and remarked:

“You can buy the decryptor program for your network.”

“Payment expired! New price: $4000000 (355.87180000 BTC)”

The criminals also attached details of data they allegedly stole from Dirección Nacional de Migraciones with their ransom demand.

Sensitive data

According to threat analyst and ransomware expert, Brett Callow, who was speaking to CoinTelegraph, incidents of data theft had become increasingly common.

“More than one in 10 ransomware attacks now involve data theft,” he said. “In the case of government departments, this is particularly problematic as the data can often be extremely sensitive, and in some cases even represents a risk to national security.”

In July, a group known as Gold Southfield used the infamous software “REvil Ransomware” to attack Telecom Argentina. They then demanded a ransom payment of $ 7.5 million.

Related Story: $7.5M Ransomware Attack on Telecom Argentina