The National Highway Traffic Safety Agency suffered a hack on November 22. The incident was reported to the Specialized Cybercrime Fiscal Unit (UFECI), which is already investigating the matter and the scope of the incident.
As Infobae was able to learn, it is a case of ransomware. Ransomware refers to attacks that consist of hijacking and encrypting files and then demanding a ransom in cryptocurrency to restore access to that content. If the ransom is not paid, the criminals threaten to leak the information. It is not known how much money they are asking for to avoid this.
Separately, a few days ago a screenshot began to circulate on social networks showing folders that had allegedly been stolen from the Argentina.gob.ar site. This attack was linked to REvil, also known as Sodinokibi, a type of ransomware. Is this attack linked to the highway incident under investigation?
The Government's Ministry of Innovation gave assurances that the Argentina.gob.ar site was not breached. “We have detected that information is circulating regarding an alleged attack and theft of information on the Argentina.gob.ar portal, which is false,” the entity said when consulted by Infobae.
They also pointed out that the screenshots taken from the REvil blog show file names that are not linked to any content on the site.
The folders seen in the screenshot, which was shared on social networks by the cybersecurity company DarkTracer and posted on the REvil blog, would not belong to the Argentina.gob.ar site but would be folders from the Highway network, according to official sources.
According to the post, the attackers have seized about 50 GB of information, but this figure was not confirmed by the investigators analyzing the incident. As they explain, forensic analyses are still being carried out to obtain more details.
How ransomware works
Ransomware is a type of malware, or malicious program, that attacks by hijacking content and encrypting it to make it inaccessible to the user. The attacker then demands a ransom in exchange for not leaking the content and for restoring access to the material.
Within the universe of ransomware is what is known as “ransomware as a service” (RaaS), a distribution model that consists of selling the ransomware kit to third parties so that they can distribute it and use it to infect different organizations. Netwalker, the ransomware that affected Migrations, was also part of a ransomware-as-a-service operation.
RaaS is a relatively new modality in which different cybercriminal groups offer their services to third parties who want to carry out a ransomware attack. These groups have grown in recent years, even posting on their blogs in search of “human resources”, in some cases specifying the desired languages or nationalities, which hints at where these groups originate.