After the ransomware cyberattack that was announced by the Senate of the Nation last Friday, the Upper House filed a complaint with the Specialized Cybercrime Fiscal Unit (Ufeci). In addition, the order was lowered do not open any computer connected to the network.
The complaint, filed on Friday with prosecutor Horacio Azzolin, a specialist in cybercrime, tries to clarify how the virus could have entered.
“The Senate of the Nation suffered an attack by hackers on January 12 at 4 AM. These types of attacks, called ransomware, have been perpetrated in recent months against various public bodies, the Judiciary and front-line companies,” the Argentine Senate tweeted on Friday.
Ransomware is a type of virus that hijack user information, encrypts it, makes it inaccessible, and asks for a ransom in exchange for returning it.
From the official dependency they moderated the impact of the incident, under the argument that “all information from the Senate is public.” However, the order that was lowered from the authorities was do not open any computerthat is within the network.
In addition, a ransomware implies a security problem that can denote other conflicts within the computing structure of an official entity.
The warning for the staff: do not open the computers
Over the weekend, a text began to circulate and a whatsapp audio. There, the staff who are working during January were asked “not to turn on the computers.”
“I am asking all my fellow Senate members to be on guard: no one can turn on any Senate computer. without previously calling the technological infrastructure management so that they previously check the computer”, says the audio that circulated among the workers of the official dependency.
“Working hard to make a backup of all the information and that there is no infected machine left, that is why it is vital that no one turn on any computer without first talking to someone about computing,” adds the indication.
“Although you can currently work remotely, to access the computers you have to log in and access the Senate’s internal system. They asked us not to enter,” confirmed an adviser to a national legislator to Clarion.
The senate site was down for several days last week. Photo Senate.gob
From the official dependencies they manage secrecy, but according to reports, the group Vice Society would be responsible for the attack. This is a group that uses different types of programs to encrypt information.
“They deploy various types of ransomware, including HelloKitty Y Zeppelin. Lately they have mostly deployed Zeppelin. Like other gangs, they steal information and use the threat as an advantage to demand a payment“, the cybersecurity expert Brett Callow, from Emsisoft, had explained to Clarín. The Vice Society site is currently offline.
One of the ways it operates is through spam, that is, unwanted email, after the execution of attached files.
“We are all the target audience: from companies to the worker who only uses the computer to work. What matters is our data. And, given that, the contact channels can be extremely different: from a web page that supplants the identity of a company, slightly altering its name with repetition of letters, or contacts of the same nature on social networks, going through unmissable offers that arrive in our emails”, Hernán Carrascal from VU, a company specializing in cybersecurity, explained to Clarín.
Experts agree on prevention as a strategy. “At Check Point Software Technologies we believe that the best strategy is to prevent before detecting. When an intrusion or ransomware problem is detected, it is difficult to control, and you can only go ‘behind’ the damage”, added Gery Coronel, Check Point Software Technologies. The problem is clear: once the data is filtered, The damage is already done.
It is not the first time that a state agency has been the victim of a cyberattack. Last year, an unauthorized access managed to extract data from the Renaper and sold it in a forum for buying and selling personal data.
In 2020, the National Migration Directorate suffered a cyberattack that published thousands of personal data of Argentine citizens.
The Senate site was down for several days last week, starting on Wednesday, when the incident occurred.
It is now online again.