MedusaBlog, a group of malicious actors responsible for the recent hack of the servers belonging to the Securities and Exchange Commission of Argentina (CNV), has decided to stop waiting for the ransom it had demanded and put its threats into action.
On June 7, hackers attacked the Commission’s servers with the Medusa ransomware, stealing about 1.5 terabytes of data and demanding the regulator pay the equivalent of $500,000 in Bitcoin, or nearly 16.6 BTC at the time of publication. The attackers threatened to publish all the stolen information if they did not receive the ransom.
On June 19, Argentinian developer Maximiliano Firtman published an update on the situation. According to him, the criminals released the data on their website, which can only be accessed via the dark web. However, the extent of the data exposure is not entirely clear, as Firtman reports that the records are not fully visible and the hackers require anyone interested in gaining full access to the data to contact them.
Firtman assumes that the data was "disclosed because the government entity did not pay the amount demanded by the criminals," and the hackers may require payment from anyone wishing to obtain the full set of the regulator's records.
However, what is already known is that the records published by MedusaBlog contain a lot of sensitive data, which contradicts the Commission's initial claims that the hackers were able to obtain only public information. Before June 19, this fact had not been obvious, as the attackers had gradually revealed small amounts of data, still hoping to obtain the ransom. When dark web users finally saw the released records of CNV's meetings, discussions, plans, presentations, its staff's files, history logs, usernames, and passwords, questions were raised about the Commission's inadequate security measures.