Argentina’s Judiciary of Córdoba has shut down its IT systems after suffering a ransomware attack, reportedly at the hands of the new ‘Play’ ransomware operation. The attack occurred on Saturday, August 13th, 2022, causing the Judiciary to shut down its IT systems and online portal. The outage is also forcing the use of pen and paper for submitting official documents.
According to official sources: “The cyberattack suffered by the technological infrastructure of the Court of Córdoba on Saturday, August 13th, 2022, for a ransomware that has compromised the availability of its IT services.”
As for how the attackers got in, a list of personnel email addresses was leaked by the Lapsus$ group last March, and this leak may have enabled the threat actors to carry out a phishing attack to steal credentials.
Looking into the issue for Digital Journal is Josh Rickard, Senior Security Automation Architect at Swimlane.
Rickard pinpoints the type of attack as ransomware, noting: “This ransomware attack on Argentina’s Judiciary of Córdoba follows on the heels of a September 2020 attack on the country’s Dirección Nacional de Migraciones, proving that government organizations have become increasingly popular targets for cyberattacks in recent years.”
In terms of the nature of the attack, Rickard finds: “The attack has affected the agency’s IT systems and databases, causing Argentinian news site Clarín to dub the event the ‘worst attack on public institutions in history.’ Although details are still emerging about how ‘Play’ breached the agency’s network, there is no indication that any data was stolen in the attacks.”
Local government organizations are an attractive target for cybercriminals because of the wealth of sensitive information they hold and the often-limited cybersecurity resources they possess.
The focus on civil services is unsurprising given the amount of personal data held. Rickard adds here: “Local government organizations’ abundance of sensitive information and often-limited cybersecurity resources have made them a relatively easy target for ransomware gangs. These groups leverage this information to their benefit, which unfortunately means local citizens are the victims.”
In terms of lessons to be learned, Rickard offers: “Organizations small and large should use security automation to assist with the detection and response of these threats at near real time. By adopting low-code security automation, organizations can implement repeatable and reliable response processes that augment the lack of staff available.”