Hackers successfully executed a cryptocurrency “ransomware” attack on the Argentine government on November 25th and managed to lock up about 7700 GB of data totaling 10 years of government records.
Servers, databases, and a virtual backup library were reportedly compromised.
“Ransomware” is a type of malicious software designed to lock up data and systems and in some cases steal data in a computer network.
Private companies and public entities, including Starbucks, Boston legal aid and a private heart clinic in Australia, have suffered ransomware attacks.
Malicious software is typically disseminated through emails bearing malicious links that unsuspecting employees open. Experts say a good rule of thumb is never to open attachments in unsolicited emails without first verifying the sender and/or checking with an IT/cybersecurity department.
To date, all but 350 gigs of the data locked in the Argentina ransomware attack has been recovered. Officials from the cybersecurity firm contracted to help undo the damage believe it will take another 15 days to decrypt the remaining data.
Experts reportedly tried for 40 hours last week to restore government systems but failed on Thursday when recovery efforts bumped up against a server particularly damaged in the attack.
The attack was announced on TV by Alicia Bañuelos, Argentina’s Minister of Science and Technology.
Bañuelos said similar attacks have been experienced by telecoms and even security companies in Argentina. She also said the government’s anti-virus software failed to detect the malware until it was too late. An update has now been installed.
“It is a tremendously worrying situation,” said Bañuelos, “and it is not a comfort to know that this happened to companies of all kinds.”
Agencia San Luis says the motive, in this case, was not theft of information but rather a desire to obtain money via a ransom paid in cryptocurrencies.
Cryptocurrencies are forms of autonomous digital money that can be easily transmitted on the Internet without exposing users.
It is not clear from the report whether the bulk of the data was decrypted by the contracted company or by purchasing a decryption key or decryption services from the hackers themselves.
“We are not sure that whoever is sending this message is the one who actually made the software. Paying means that these people who do this still have resources to develop tools and continue attacking,” said Bañuelos.