Cyberattack on CNV: Hackers posted stolen data on the “dark web” and are demanding payment


In a blog post, Medusa said the data theft was reported to CNV, the body that regulates and oversees Argentina’s capital markets.

On June 7, cybercriminals who broke into the systems of the National Securities Commission (CNV) released some of the stolen information in an attempt to pressure the agency into paying a $500,000 ransom for the return of 1.5 terabytes of stolen information. The hacker organization Medusa, the author of the theft, posted the ransom request on its blog on the dark web, a version of the Internet inaccessible to conventional search engines. In the same space, it published today a portion of material belonging to CNV, along with an offer to contact the hackers.

According to screenshots from Medusa’s blog, which he visited information, CNV file menus have been published with a button inviting you to download the information. That button links to a Tox address for contacting the organization. Tox is an instant messaging service for texts and video calls that is widely used in cyber attacks because it makes it very difficult to identify the sender. So anyone who tries to download CNV content from the Medusa blog ends up with a very long string of letters and numbers that serves as the address for contacting the cybercriminals on that messaging network.

A vast code of numbers and letters is the key to communicating with hackers over Tox, an encrypted messaging network.

Thus, CNV data is not publicly available, but the hijackers have taken another step in their ransomware operation, a hacking method that consists of entering the system of a public or private organization, capturing information and adding new passwords to make it inaccessible to its owners. In this case, the victim is CNV, the state body that regulates the capital market, so all its information is very sensitive.

Five days after the attack, CNV filed a criminal complaint with the Specialized Prosecutor’s Office for the Fight against Cybercrime (UFECI), explaining that the organization “keeps all information in its systems thanks to preventive measures” taken against the possibility of a cyber attack. In light of today’s news, the agency declined to comment, and it became known that an expansion of the complaint was already being considered before today’s announcement.

Aside from CNV’s silence, what steps can the cybercriminals take after today’s announcement? “The main issue in these cases is that once the information is uploaded and made public, it is public forever. There are victims who have paid the ransom but have not been able to delete their data on the dark web,” explained BTR Consulting analyst Gabriel Zurdo.

According to Zurdo, publishing the Tox address, an ultra-secure communication channel “very popular in this underground environment,” indicates that the Medusa hackers want to pursue possible negotiations for payment. This should not be taken as their only opportunity to commit their crime. “Another option is for them to upload a piece of information to negotiate a payment with the said company or person to share the information and get an additional benefit,” he added.

Screenshots of what the Medusa Organization has uploaded on their dark web blog

Zurdo explained that this communication channel is often opened so that someone affected by a data breach is pushed to negotiate over their own information alone. The main victim, in this case the CNV, remains the main party affected with respect to the rest of the data.

As reported a few days ago, in the transparent world of hackers, Medusa has become highly visible through several successful attacks against companies and institutions. This popularity has led to the emergence of copycats, third parties that also carry out attacks while posing as feared groups. But one way or another, experts explain, they produce a terrible phenomenon.

“Medusa began to gain strength in 2021 and this year it attacked various public structures in many countries, such as the United States or Argentina. They use ransomware and demand million-dollar ransoms. Therefore, it is important to work with the rules that ensure computer security. Banking and finance are regulated by the BCRA, but many other companies and verticals are not. This news comes every day: we are now at 2000 attacks per week. This is starting to be addressed by culture, regulations and investment in data storage for both individuals and companies,” said Sergio Orona, managing partner of Information Security Consulting Services.

Named after a victim in Greek mythology, the hacker group gained notoriety after claiming responsibility for an attack on the Minneapolis Public Schools (MPS) district in March of this year and sharing a video of the stolen data.

All news on the site does not represent the views of the site, but we automatically submit this news and translate it using software technology on the site, rather than a human editor.