Papua New Guinea’s Finance Department Suffers Massive Ransomware Attack

BACKGROUND:

It has been reported that Papua New Guinea’s finance department has been hit with a ransomware attack, locking access to hundreds of millions of dollars in foreign aid money, according to people familiar with the situation. The attack on the Department of Finance’s Integrated Financial Management System (IFMS) occurred last week, the people said. The IFMS consolidated the Pacific nation’s budget and accounting for all tiers and departments of government onto a platform. It controls access to funds for the government, which is heavily reliant on foreign aid. 

6 Expert Comments
Sam Curry, Chief Security Officer
InfoSec Expert
October 30, 2021 8:49 am

The recent ransomware attack against Papua New Guinea’s finance department is yet another reminder that no one is immune to being victimised as cyber criminals don’t honor global boundaries and they usually carry out ‘spray and pray’ tactics, relying on mass email spam campaigns or malicious websites for attacks. Cybereason’s advice is not to pay the ransom, rely on backups to return the networks to operation and to deploy a security strategy that includes EDR technology that will help put an end to successful ransomware attacks. Also, in some cases, you can’t legally pay ransoms because it is funding terrorism and organised crime. It’s not a good idea to ever pay unless the cost of doing so affects human life, public safety or is existential. Paying doesn’t make the ransomware problem go away since nearly half don’t recover data correctly, and it will become public anyway. Paying only defers some cost possibly and delays the time when it becomes public knowledge.

Callum Roxan, Head of Threat Intelligence
InfoSec Expert
October 29, 2021 11:01 am

This case, along with other high profile cases this year, is a demonstration of how ransomware actors continue to raise the stakes of their targeting and, as a result, are becoming a more prominent National Security threat. This speaks to the level of impunity the actors must feel they have in their permissive operating environment, but such actions are likely to shape a more aggressive response from victim nations and their allies.

Calvin Gan, Manager
InfoSec Expert
October 29, 2021 11:00 am

The attack on Papua New Guinea’s finance system goes to show that the attacker responsible has no regard for livelihood, especially when it may take weeks to restore or even incur huge restoration costs. Their sole goal is to obtain a payment, and sadly has chosen a target that is currently struggling to keep up with the implementation of secure cyber security infrastructure. While demanding ransom on a critical system would pressure the government to cave in to the demand, the attacker has failed to realize that the current target may not have the means to pay up the ransom (though the amount demanded is currently unknown). Instead, the attack may potentially trigger a larger effort from the industry or nations to help Papua New Guinea restore its system and perhaps even attributing the attacker.

As defenders, this attack has helped us realize that more effort could be channelled to offer assistance to organizations or institutions that may not have cyber security as priority in building resiliency towards cyber attacks.

Brooks Wallace, VP EMEA
InfoSec Expert
October 29, 2021 10:50 am

Government organisations are often top targets for ransomware attacks due to the amount of personal and business data that they hold, which cyber criminals can steal and use for monetary gain. The recent news about the attack on Papua New Guinea’s finance department is certainly a worry. The networks were exposed to bad actors who have now exploited the vulnerabilities to launch a ransomware attack. If the government continues to allow their networks to be exposed, other cyber criminals are likely to return and attack again, putting further pressure on the IT security teams.

The consequences of attacks such as the breach on the Papua New Guinea finance department can have significant and devastating social impacts, particularly on those who depend on financial support. This attack in particular has caused delays to governments receiving access to foreign aid which has caused further disruption to sending vital support to those most in need.

The finance department’s IT team will be working hard to determine the type of malware installed. Even in a short amount of time, the impact of a ransomware attack can cause significant damage to the systems. A ‘prevention-first’ mindset is key - attacks need to execute and run before they are picked up and checked to see if they are malicious, sometimes taking as long as 60 seconds or more, which is too long to wait. Organisations need to invest in solutions that use technology such as deep learning which can deliver a sub-20 millisecond response time to stop a ransomware attack, pre-execution, before it can take hold.

Javvad Malik, Security Awareness Advocate
InfoSec Expert
October 29, 2021 10:49 am

We continue to see ransomware as one of the most significant threats facing organizations of all kinds, all over the world today. This particular situation can be detrimental to the government of Papua New Guinea and its citizens because access to foreign aid money has been affected.

We are seeing cybercriminals being more selective and purposeful in their targets. Hitting high profile targets, or organisations that can’t withstand extended periods of downtime can become lucrative for criminals.

It’s encouraging to see that the ransom was not paid and that the department was able to recover their systems which is a good sign of having robust recovery processes in place.

In many cases, ransomware infects organisations through unpatched software or through social engineering attacks like spearphishing. By putting in place controls to defend against these, organisations can greatly reduce the risk of being victims.
