The attackers hijacked about 7,700 GB, equivalent to 10 years of information. The amount in Bitcoin requested as a ransom has not yet been determined.
At least 7,700 GB of information from the government of the province of San Luis, in Argentina, was hijacked. The attack on the Data Center, which houses information about the entity, was through a ransomware modality, a type of virus that hijacks data by using encryption and requests a ransom in Bitcoin for their release.
The Minister of Science and Technology of the province, Alicia Bañuelos, said that the attack was conducted on November 25th. During an interview recently, Bañuelos explained that it has already been possible to restore 90% of the data encrypted by the virus.
Even though the amount in Bitcoin requested by the attackers requested in exchange for the hijacked data has not yet been determined, it is said that the ransom could be around 0.5 and 50 BTC. At the time of writing this article, this figure goes from USD 3,791 to USD 379,100, according to the current price of Bitcoin in market data.
Bañuelos explained that Argentina was not willing to pay the aforementioned amount of Bitcoin, since they are not certain that this will guarantee that they will recover their data. On the other hand, it would imply providing resources for future attacks on cybercriminals.
Total False Recovery
Last November 28th, the minister of the province stated that they believed to have achieved total data recovery. However, the process failed and they still cannot decrypt all the files of this year. There are still a total of 350 GB of information that they still cannot recover.
Being disks with so much information, the deadline to recover the data could even reach 15 days, according to the minister. In fact, she said that it had taken them a total of 40 hours to understand that they had failed to recover those remaining 350 GB.
Although Bañuelos believes that there is little material to recover, considering that the attack affected 7,700 GB of information, she admits that the processes related to current files are now paralyzed.
The data recovery process initially involved removing the virus from the system, and then proceeded with decrypting the files. These affected files were not removed by the attackers to the disks of the Data Center, but were encrypted to prevent their access by the organization.
Threat of Ransomware on the Rise
During 2019, the threat of ransomware attacks has been increasing. For the first quarter of the year alone, the amount of ransom in the face of such attacks had risen by 90%, according to a report published by the company Coveware.
That study also reflected a diversification in the types of ransomware. In this regard, the firm said that attacks by this route were becoming more sophisticated as the attackers resorted to more expensive models for hijacking data. During that time, not only ransoms had increased, but also the average length of the attacks.
In addition, in mid-October, a report by the European police, Europol, highlighted an alert on at least 25 types of ransomware. The cybercrime study by the police organization also endorses the sophistication that Coveware was already advancing.
Among the most recent attacks, the most prominent is the one perpetrated against Spanish radio networks and consulting companies. Mexican state oil company, Pemex, was also affected by an attack of this kind, in which the attackers demanded USD 5,000,000 in Bitcoin.
By Willmen Blanco
