The court system of Córdoba, Argentina, turned off its IT systems following a ransomware attack, reportedly at the hands of a new ransomware operation called Play. The attack took place on Saturday, August 13th, 2022, causing the judiciary to shut down its IT systems and online portal. The shutdown also forced the use of pen and paper to file official documents.
According to official sources: “Cyber attack on the technological infrastructure of the Córdoba court on Saturday, August 13, 2022 due to ransomware that compromised the availability of its IT services.”
As for the method of attack: last March, the Lapsus$ group released a list of employees’ email addresses, and the leak could have allowed attackers to launch a phishing attack to steal credentials.
Examining the issue for the digital magazine is Josh Rickard, Senior Security Automation Architect at Swimlane.
Rickard characterizes the attack as ransomware, noting: “This ransomware attack on the Argentinean judicial system of Córdoba follows the September 2020 attack on the country’s National Directorate of Migration, proving that government organizations are becoming increasingly popular targets for cyberattacks in recent years.”
Regarding the nature of the attack, Rickard said: “The attack affected the agency’s IT systems and databases. Argentine news site Clarín calls the event “the worst attack on government institutions in history”. While details about how Play hacked into the agency’s network are still emerging, there is no indication that any data was stolen in the attacks.”
Local governments are an attractive target for cybercriminals due to the amount of sensitive information they hold and the often limited cybersecurity resources they possess.
The focus on public services is not surprising, given the amount of personal data stored. Rickard adds: “Local government organizations’ abundance of sensitive information and often limited cybersecurity resources have made them relatively easy targets for ransomware groups. These groups use this information to their advantage, which unfortunately means that the victims are the locals.”
In terms of lessons to be learned, Rickard suggests: “Organizations small and large should use security automation to help detect and respond to these threats in near real time. By implementing low-code security automation, organizations can implement repeatable and robust response processes that increase the shortage of available staff.”