Papua New Guinea’s Finance Department Suffers Massive Ransomware Attack

BACKGROUND:

It has been reported that Papua New Guinea’s finance department has been hit with a ransomware attack, locking access to hundreds of millions of dollars in foreign aid money, according to people familiar with the situation. The attack on the Department of Finance’s Integrated Financial Management System (IFMS) occurred last week, the people said. The IFMS consolidated the Pacific nation’s budget and accounting for all tiers and departments of government onto a platform. It controls access to funds for the government, which is heavily reliant on foreign aid. 

Expert Comments

October 29, 2021
Callum Roxan
Head of Threat Intelligence
F-Secure

This case, along with other high profile cases this year, is a demonstration of how ransomware actors continue to raise the stakes of their targeting and, as a result, are becoming a more prominent National Security threat. This speaks to the level of impunity the actors must feel they have in their permissive operating environment, but such actions are likely to shape a more aggressive response from victim nations and their allies.

October 30, 2021
Sam Curry
Chief Security Officer
Cybereason

The recent ransomware attack against Papua New Guinea's finance department is yet another reminder that no one is immune to being victimised as cyber criminals don't honor global boundaries and they usually carry out 'spray and pray' tactics, relying on mass email spam campaigns or malicious websites for attacks. Cybereason's advice is not to pay the ransom, rely on backups to return the networks to operation and to deploy a security strategy that includes EDR technology that will help put an end to successful ransomware attacks. Also, in some cases, you can't legally pay ransoms because it is funding terrorism and organised crime. It's not a good idea to ever pay unless the cost of doing so affects human life, public safety or is existential. Paying doesn't make the ransomware problem go away since nearly half don't recover data correctly, and it will become public anyway. Paying only defers some cost possibly and delays the time when it becomes public knowledge.

October 29, 2021
Calvin Gan
Manager
F-Secure

The attack on Papua New Guinea’s finance system goes to show that the attacker responsible has no regard for livelihood, especially when it may take weeks to restore or even incur huge restoration costs. Their sole goal is to obtain a payment, and sadly has chosen a target that is currently struggling to keep up with the implementation of secure cyber security infrastructure. While demanding ransom on a critical system would pressure the government to cave in to the demand, the attacker has failed to realize that the current target may not have the means to pay up the ransom (though the amount demanded is currently unknown). Instead, the attack may potentially trigger a larger effort from the industry or nations to help Papua New Guinea restore its system and perhaps even attributing the attacker.  

As defenders, this attack has helped us realize that more effort could be channelled to offer assistance to organizations or institutions that may not have cyber security as priority in building resiliency towards cyber attacks.

October 29, 2021
Brooks Wallace
VP EMEA
Deep Instinct

Government organisations are often top targets for ransomware attacks due to the amount of personal and business data that they hold, which cyber criminals can steal and use for monetary gain. The recent news about the attack on Papua New Guinea’s finance department is certainly a worry. The networks were exposed to bad actors who have now exploited the vulnerabilities to launch a ransomware attack. If the government continues to allow their networks to be exposed, other cyber criminals are likely to return and attack again, putting further pressure on the IT security teams.

The consequences of attacks such as the breach on the Papua New Guinea finance department can have significant and devastating social impacts, particularly on those who depend on financial support. This attack in particular has caused delays to governments receiving access to foreign aid which has caused further disruption to sending vital support to those most in need. 

The finance department’s IT team will be working hard to determine the type of malware installed. Even in a short amount of time, the impact of a ransomware attack can cause significant damage to the systems. A ‘prevention-first’ mindset is key - attacks need to execute and run before they are picked up and checked to see if they are malicious, sometimes taking as long as 60 seconds or more, which is too long to wait. Organisations need to invest in solutions that use technology such as deep learning which can deliver a sub-20 millisecond response time to stop a ransomware attack, pre-execution, before it can take hold.

October 29, 2021
Javvad Malik
Security Awareness Advocate
KnowBe4

We continue to see ransomware as one of the most significant threats facing organizations of all kinds, all over the world today. This particular situation can be detrimental to the government of Papua New Guinea and its citizens because access to foreign aid money has been affected. 

We are seeing cybercriminals being more selective and purposeful in their targets. Hitting high profile targets, or organisations that can't withstand extended periods of downtime can become lucrative for criminals. 

It's encouraging to see that the ransom was not paid and that the department was able to recover their systems which is a good sign of having robust recovery processes in place. 

In many cases, ransomware infects organisations through unpatched software or through social engineering attacks like spearphishing. By putting in place controls to defend against these, organisations can greatly reduce the risk of being victims. 

October 29, 2021
Trevor Morgan
Product Manager
comforte AG

The recent ransomware incident affecting Papua New Guinea’s finance department underscores a harsh reality that every governmental agency must confront: a ransomware attack isn’t just a remote possibility but rather a likely imminent event. Being able to shut down operations, encrypt critical operational data, and cause general mayhem in the delivery of governmental services are the main goals of the threat actors behind these attacks. Why? Putting organizations under a harsh public spotlight as these events unfold puts incredible pressure on them to pay a ransom as the most expedient mitigating tactic.

A better course of action other than relying on paying a ransom is to prepare for this eventuality with robust recovery capabilities (tools and processes) combined with proactive data-centric protection. The former restores the IT and data environment to a pre-breach state, while the latter ensures that threat actors can’t exfiltrate sensitive data and use that compromised information as further leverage. Data-centric security methods such as tokenization and format-preserving encryption protect the data itself rather than the environment around it. Even if hackers get their hands on data, they can’t blackmail organizations with the threat of imminent release of that data. And that’s what ransomware is all about—blackmail. Don’t let that happen to your organization. Accept the eventuality and prepare accordingly.
