The hacker group known as MedusaBlog has reportedly carried out its threat and published the information stolen last week from the Argentinean Securities and Exchange Commission (CNV).
Thousands of private documents and data were disclosed because the government entity did not pay the sum demanded by the criminals.
One of the first to report this disclosure of private documents was the Argentine programmer Maximiliano Firtman. He warned on Twitter this Monday morning, June 19, that the 1.5 terabytes (TB) of CNV’s private information had been made available to the public on the Internet.
As Firtman argues, CNV Argentina most likely did not pay the ransom of USD 500 thousand that the cybercriminals requested in bitcoin (BTC), which is equivalent to about 18.9 BTC at the price on June 19, 2023.
This resulted in keys, hearings, minutes, complaints, databases, employee files, passwords and histories being disclosed on the MedusaBlog website, which can only be accessed through the dark web. “Even the Security Committee has its minutes, plans and presentations leaked,” warned the programmer.
Beyond that, usernames and passwords for different servers have also been published, as well as entire databases of trusts, mutual funds and appraisers. “It’s a potential disaster,” he lamented.
According to Firtman, the private documents stolen by MedusaBlog are not 100% public. Although they appear with publication status on the website, the hackers must be contacted through the peer-to-peer instant messaging service TOX to gain access to the full extent of the information.
“Presumably they are looking for some money to give you the files; it’s not clear yet,” the Argentine programmer points out.
This makes sense considering that the modus operandi of ransomware attacks such as MedusaBlog’s is generally based on selling the stolen private information if the extortion payment is not made.
What happened to the CNV Argentina data?
The hacker group MedusaBlog attacked the servers of Argentina’s National Securities Commission (CNV) with ransomware. This resulted in the theft of 1.5 TB of private information.
A ransomware attack involves an entity hijacking the information of a user or institution and demanding a ransom to release it, often in cryptocurrencies such as bitcoin or more private ones such as monero (XMR).
The hack occurred on June 7 and was carried out with the ransomware known as Medusa. The attack took control of CNV equipment and disconnected several devices and terminals of that government agency.
Although the hackers asked for half a million dollars in bitcoin not to disclose the stolen content, on June 12 the attackers began to publish part of the stolen information, albeit as a test.
In that regard, the CNV went so far as to say that the hackers were only able to obtain “public information” related to the institution’s communication system, called the Public Information Highway.
However, what was revealed this Monday on the MedusaBlog portal shows that there are not only public documents. There is sensitive and private information of Argentine citizens that was stolen and now disclosed by the hacker group. For programmer Maximiliano Firtman it is clear that the “CNV lied”.