Crypto ransomware freezes 10 years of Argentina government’s data

Getting your Trinity Audio player ready...

BTC scammers have struck in Argentina, with a server holding 10 years of government data locked by ransomware.

According to local media, the hackers identified and infected a government server storing a decade’s worth of encrypted government files, freezing access on demand of payment in BTC.

The attack is thought to have taken place on November 25, with the government scrambling since to recover the data. To date, it is thought that up to 90% of the data has been recovered, leaving at least 10% still beyond the reach of the government.

Alicia Bañuelos, minister of Science and Technology of the local government in San Luis, said decrypting the data could take as long as 15 days, based on the sheer size and volume of files compromised in the attack.

The size of the ransom demand has not been publicly exposed, though reports suggest it could be as much as 50 BTC, equivalent to around $370,000.

The hack shows the vulnerability of government data centers to ransomware attacks, with several high profile examples of governments being targeted in the recent past.

In the last few days, a U.S. government data center was compromised by a strain of ransomware known as Sodinokibi, which previously netted scammers as much as $281,000 in just three days of attacks.

Similarly, the government of the City of Johannesburg was targeted back in October, with data stolen from government servers. Scammers threatened to leak the data online if the government refused to pay a ransom totaling 40 BTC, or around $300,000.

Governments remain a principal target for BTC scammers, who prey on insecure or outdated systems to demand their ransoms.

Private companies are also being targeted on a regular basis, most recently multinational security giant Prosegur, which was held to ransom by crypto malware just two weeks ago.

The Argentina hack shows that this remains an ongoing problem, and one that government agencies of all kinds should take steps to protect against, to avoid compromising sensitive data.