On August 27th, the Unidad Fiscal Especializada en Ciberdelincuencia, Argentina's cybercrime agency, was alerted to a security incident after multiple border checkpoints called in and requested support. After analyzing the situation, the cybercrime agency filed a criminal complaint. A portion of the complaint, translated to English, stated: "…it was not an ordinary situation, so it was evaluated the situation of the infrastructure of the Central Data Center and Servers Distributed, noting activity of a virus that had affected the systems MS Windows based files (ADAD SYSVOL and SYSTEM CENTER DPM mainly) and Microsoft Office files (Word, Excel, etc.) existing in users' jobs and shared folders." To contain the spread of the malware, the networks of immigration and border control offices were shut off, which halted border crossings for four hours. The ransomware believed to have been used is Netwalker, and the initial extortion demand was $2 million USD; after a week, the demand was raised to $4 million USD. Notably, government sources have said that "they will not negotiate with hackers and neither they are too concerned with getting that data back."
It is encouraging to see that the government of Argentina will not fund ransomware operators by paying their extortion demand, and that it expects to be able to restore operations and data files. Having secure, offline backups is the first step in preparing to handle a ransomware incident. Government agencies and private companies should verify their backup policies and procedures by regularly testing that data can actually be restored from those backups, not merely that backup jobs complete. Ransomware defense can be greatly strengthened by adding a Security Operations Center (SOC) that operates 24 hours a day, seven days a week. Our SOC at Binary Defense monitors endpoints for signs of intrusion and works to stop or slow attacks before they cause greater damage.