Cyber Incident Victim: Argentina's Judiciary of Córdoba
Date: Aug 2022
Location: Argentina
Summary
Argentina's Judiciary of Córdoba suffered a disruptive ransomware attack attributed to the PLAY operation. IT systems and the online portal were shut down, and staff fell back to manual, paper-based processes for official documentation. The attack hit the availability of systems and databases; the ransomware appended the '.Play' extension to encrypted files and dropped a minimal ransom note. The Judiciary engaged several cybersecurity firms and local specialists to investigate what was described as one of the most severe attacks on an Argentine public institution. No data theft was confirmed. The leading hypothesis for initial access was phishing against employee email addresses exposed in an unrelated earlier breach, used to steal credentials.
Description
On August 13, 2022, Argentina's Judiciary of Córdoba experienced a ransomware attack that compromised its technological infrastructure, forcing an immediate shutdown of IT systems and its online portal. The attack disrupted court operations: official documents had to be submitted on paper while the systems were down. The Judiciary confirmed the incident and said it was operating under a 'Cyberattack Contingency Plan', disclosing collaboration with Microsoft, Cisco, Trend Micro and local cybersecurity specialists to investigate the breach. Sources cited by Clarín described the incident as the "worst attack on public institutions in history", affecting IT systems and critical databases. The ransomware was identified from its file-system indicators: encrypted files carried an appended '.Play' extension, the signature of the then-emerging PLAY ransomware operation, active since June 2022. Unlike most ransomware strains, which drop lengthy notes with payment instructions, PLAY left a minimalistic 'ReadMe.txt' at the root of each infected drive containing only the word "PLAY" and a contact email address.
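As an added triage example (not part of the original page or of the Judiciary's investigation), the following script scans a directory tree for the two file-system indicators the description names: files ending in '.Play' and a 'ReadMe.txt' at the volume root whose entire body is the word PLAY plus a contact address. The sample tree, file names and note text are constructed for the demonstration, and the rule that a root-level note plus at least one '.Play' file counts as a hit is an assumption drawn from the description, not a published detection signature.

```python
"""Triage scan for the PLAY ransomware file indicators: '.Play' extensions and
a minimal ReadMe.txt ransom note at the root of a volume.

Added example, not code from the Judiciary's investigation or from the PLAY
operation. The sample tree is constructed here; the hit rule is an assumption.
"""
import os
import re
import tempfile
from collections import Counter
from pathlib import Path
from typing import Optional

# Constructed sample: every name and byte string below is made up for this example.
SAMPLE_TREE = {
    "expedientes/causa-0001.pdf.Play": b"\x00encrypted\x00",
    "expedientes/causa-0002.docx.Play": b"\x00encrypted\x00",
    "expedientes/indice.db.Play": b"\x00encrypted\x00",
    "expedientes/plantilla.docx": b"PK\x03\x04 untouched office file",
    "ReadMe.txt": b"PLAY\ncontact@example.invalid\n",
    "usuarios/notas.txt": b"plain text, not a ransom note",
}

PLAY_EXTENSION = ".Play"  # exact case, as reported for this incident
NOTE_NAME = "ReadMe.txt"
# Minimal note body: 'PLAY' on its own line followed by one e-mail address and nothing else.
NOTE_PATTERN = re.compile(
    r"^\s*PLAY\s*\r?\n\s*[\w.+-]+@[\w-]+(?:\.[\w-]+)+\s*$", re.IGNORECASE
)


def build_sample_tree(base: Optional[Path] = None) -> Path:
    """Write the constructed sample tree into a temp directory and return its root."""
    root = Path(base) if base else Path(tempfile.mkdtemp(prefix="play-triage-"))
    for rel, data in SAMPLE_TREE.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root


def is_play_note(path: Path) -> bool:
    """True if the file is a ReadMe.txt whose whole body matches the minimal PLAY note."""
    if path.name.lower() != NOTE_NAME.lower():
        return False
    try:
        text = path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return False
    return bool(NOTE_PATTERN.match(text))


def scan_for_play_indicators(root: Path) -> dict:
    """Walk root and collect encrypted-file paths, note paths and per-directory counts."""
    root = Path(root)
    encrypted, notes = [], []
    per_dir: Counter = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if path.suffix == PLAY_EXTENSION:
                encrypted.append(path)
                per_dir[Path(dirpath).relative_to(root).as_posix() or "."] += 1
            elif is_play_note(path):
                notes.append(path)
    return {
        "encrypted_files": sorted(encrypted),
        "ransom_notes": sorted(notes),
        "per_directory": dict(per_dir),
        # Assumed hit rule: a note at the scanned root plus any '.Play' file, the
        # combination reported in this incident.
        "hit": bool(encrypted) and any(p.parent == root for p in notes),
    }


if __name__ == "__main__":
    sample_root = build_sample_tree()
    result = scan_for_play_indicators(sample_root)
    print(f"scanned {sample_root}")
    print(f"  encrypted files: {len(result['encrypted_files'])}")
    print(f"  ransom notes:    {len(result['ransom_notes'])}")
    print(f"  hit: {result['hit']}")
```

Run it against a read-only mount of a suspect volume rather than on a live, still-encrypting host, and point `scan_for_play_indicators` at the mount point so the root-note check lines up with the drive root. The per-directory counts are what an incident responder wants first: they show which shares or application directories were reached and in what order to restore from backup.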

Initial analysis suggested the attackers may have used employee email addresses leaked in the March 2022 Lapsus$ breach of Globant, a software company, as targets for phishing that harvested Judiciary credentials. The Globant leak exposed addresses, not the Judiciary's passwords, so credential theft by phishing was the working hypothesis for initial access rather than a confirmed path. No data exfiltration was confirmed, but PLAY's encryption alone was enough to render systems inoperable. The Judiciary's response focused on containment: the shutdown of systems and the portal isolated affected infrastructure to prevent lateral movement. The attack was not the first ransomware incident against an Argentine government agency; in 2020 a Netwalker attack on the Dirección Nacional de Migraciones demanded a $4 million ransom. Operational disruptions persisted after the attack, with recovery efforts prioritising system restoration and forensic analysis to identify the vulnerabilities used. The incident underscored systemic risks to public-sector digital infrastructure, though no ransom payment or data leak was publicly reported in its immediate aftermath.
