CNV presses charges after ransomware attack

Thousands of financial documents were stolen from the National Securities Commission, but the agency contained the breach

The National Securities Commission (CNV, by its Spanish acronym) pressed charges on Monday afternoon after a hacking group called Medusa attacked their computers last Wednesday, stealing thousands of documents and databases that they threatened to leak unless they received a payment of US$ 500,000 within a week. The breach was contained almost immediately.

The case was filed at the Specialized Prosecutors Office in Cybercrime. The CNV is requesting an investigation into the origin of the attack and who was responsible. 

According to the Commission, the financial market has been operating normally since the hack, but they are still working to get their internal systems back on track.

Medusa was able to access systems hosting thousands of documents and databases hosted on the agency’s computers, but the Commission was able to “keep the entirety of the information in its systems thanks to preventive actions”, it said in a press release this Monday.

The attack started on Wednesday at 7 a.m. Within half an hour, the CNV’s technical team was able to isolate and stop the process started by the malicious code, which was designed to encrypt financial documents and information in order to ask for ransom. 

In ransomware attacks, the victim’s computer is typically attacked with code that encrypts the files and asks for a ransom by a certain deadline in exchange for the key to recover access. If the victim does not pay, the files may be deleted.

No other agencies or government entities linked to the CNV were affected by the hack and there were “no inconveniences reported by agents, market operators or custody systems,” the Commission said.

The hackers threatened to release 1.5 terabytes of financial information to the public within a week, and demanded a ransom of US$500,000. They asked for another US$ 500,000 to delete the files from their computers. 

The financial information the attackers threatened to leak is in fact public, and includes balance sheets and other documents companies upload on its communication system, the CNV told the Herald on Monday. The Commission did not say whether there was still a risk of Medusa releasing the documents.

The Medusa ransomware operation first emerged in June 2021 and quickly expanded to target corporate victims, often demanding ransoms of a million dollars. The hackers have created a blog where they publish the data of victims who refuse to pay the ransom.


All Right Reserved.  Buenos Aires Herald