The National Securities Commission (CNV, by its Spanish acronym) suffered a massive ransomware attack last Wednesday, when the hacking group Medusa was able to access systems hosting thousands of documents and databases hosted on the agency’s computers. The breach has been contained, authorities said Sunday afternoon.

The hackers said they would release 1.5 terabytes of financial information to the public within a week if they did not receive a payment of US$500,000. The CNV said in a press release that the attack was successfully “isolated and contained” and they had prevented the ransomware from spreading to computers beyond the agency.

Medusa “took hold” of numerous government computers and took down various official websites, the CNV said in a press release, adding that “the acting protocol helped isolate the computers and all external communication.”

According to the CNV, the financial information the attackers threatened to leak is in fact public, and includes balance sheets and other documents companies upload on its communication system. The Commission has been operating normally since the hack, and the financial market has not been affected, the agency told the Buenos Aires Herald.

The CNV intends to press charges so that the justice system can investigate the origin of the attack and who was responsible, the press release stated. The agency told the Herald that the charges are likely to be filed today, and that they did not pay for the US$500,000 ransom.

In ransomware attacks, the victim’s computer is attacked with code that encrypts the files and asks for a ransom by a certain deadline in exchange for the key to decrypt the files. 

The Medusa ransomware operation first emerged in June 2021 and quickly expanded to target corporate victims, often demanding ransoms of a million dollars. The hackers have created a blog where they publish the data of victims who refuse to pay the ransom. The group threatened to share the stolen CNV information on the platform if the agency did not pay US$500,000 within a week.

[ALERT] The Medusa ransomware gang claimed to have targeted a government agency in Argentina, Comisión Nacional de Valores, and included it on their list of victims. They allege to have stolen 1.5 terabytes of documents and databases. pic.twitter.com/S4iEgvTI4x

— Fusion Intelligence Center @ StealthMole (@stealthmole_int) June 11, 2023

Medusa gained media attention in March when the hackers claimed responsibility for an attack on the Minneapolis Public Schools (MPS) district. Back then, they shared a video of the stolen data.