10 Years Worth Of Government Data In Argentina Held Ransom By Ransomware

10/12/2019

There are many reasons why hackers hunger for data. And not just those owned by companies, as government-owned data are also targets.

And here, hackers have attacked a data center in San Luis, Argentina, which houses local government files.

According to Alicia Bañuelos, the country’s Minister of Science and Technology, the attack took place on November 25.

In an interview with Agencia de Noticia de San Luis, a local government digital news outlet, Bañuelos said that the data center had already recovered 90% of the encrypted data.

The government kept the incident under wraps before it was able to thwart the attack.

Originally, about 7,700GB of data, or about 10 years worth data, was compromised as a result of the attack.

"This is a kidnapping of information to demand a rescue and it is an international crime because it is not known where the attack comes from," the official explained.

The Argentinian government fell for this ransomware attack, which planted a malicious software that encrypted its files and left a message demanding payment of money to restore system operation.

"It is a criminal system that intends to obtain money through a specific damage," insisted Bañuelos.

From the moment the attack was found, specialists and technicians found that the malware attacked several components of the data center infrastructure: servers, databases, as well as the virtual backup library (VTL).

They work tirelessly to achieve a solution to this problem.

After experiencing 40 hours of failed system restore, the team tried to rebuild the database of the file system, an official detailed, but clarified that the rest of the systems and infrastructure were still operational.

He explained that the only problems that persisted were the 350GB of the total 7,700GB.

"Decrypting will take us at least fifteen days, because anything we do with such a large file takes a long time to process," Bañuelos announced.

The data center has measures to prevent attacks, as well as to safeguard parameters, by observing patterns of attacks. However, the ransomware went in unnoticed because the system didn't understand the patterns it generated.

"We are also not sure that who is sending this message is the one who actually made the software. On the other hand, paying means that these people who do this, still have resources to develop tools and continue attacking."