[BreachExchange] Ransomware Hackers Freeze Millions in Papua New Guinea

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Thu Oct 28 11:20:31 EDT 2021


https://au.news.yahoo.com/ransomware-hackers-freeze-millions-papua-210036214.html


(Bloomberg) -- Papua New Guinea’s finance department acknowledged late
Thursday that its payment system, which manages access to hundreds of
millions of dollars in foreign aid money, was hit with a ransomware attack.

The attack on the Department of Finance’s Integrated Financial Management
System (IFMS) occurred at 1 a.m. local time on Oct. 22, according to a
statement released by John Pundari, finance minister and acting treasurer.

The IFMS consolidated the Pacific nation’s budget and accounting for all
tiers and departments of government onto a platform. It controls access to
funds for the government, which is heavily reliant on foreign aid.

Pundari said the system has been fully restored but “because of the risk,
we are playing safe by not allowing full usage of the affected network.”
Government departments and agencies would have to process checks in a
secured environment, “through a controlled temporary arrangement.” Calls to
the Finance Department were unanswered.

The finance department didn’t pay any ransom to any hacker or third party,
Pundari said, and he insisted the government’s financial system has been
“fully restored.”

The attackers have demanded Bitcoin in ransom, people familiar with the
situation said. They had requested anonymity to discuss confidential
government affairs. They didn’t disclose how much Bitcoin was being sought.

The office of the prime minister didn’t respond to calls and emails
requesting comment.

The government’s network systems have several critical vulnerabilities that
would have allowed the attackers to breach networks, people familiar with
Papua New Guinea’s data security said.

In one example, earlier this year Microsoft Corp. warned its customers of
vulnerabilities in its business email software and urged them to install
the patches that would address the flaws. Servers for departments and
agencies in Papua New Guinea’s government remain exposed to such an attack,
according to a scan using the Shodan search engine, which tracks malware
and malicious activity across the internet. The scan was conducted by one
of the people familiar with the situation.

In ransomware attacks, hackers encrypt a victim’s computer files and then
demand payment to unlock them. Ransomware attacks have been increasing
rapidly in recent years, targeting school districts and cities, hospitals
and businesses across the globe.

Papua New Guinea is located in the southwestern Pacific Ocean on the
eastern half of New Guinea, the second largest island in the world. The
government has been heavily reliant on its partners in the region for
economic and technological assistance, with China and Australia competing
for influence. The island nation has struggled to control Covid-19, with a
little more than 1% of the population fully vaccinated. Robert Potter,
co-chief executive officer of the cybersecurity firm Internet 2.0, has
provided services for Papua New Guinea’s government as part of his work
with the Australian foreign ministry. “This is pretty shameful, to exploit
a developing economy’s critical infrastructure in the midst of a pandemic,”
he said.

Papua New Guinea’s financial issues have prevented it from building a
capable cybersecurity environment, said Jonathan Pryke, director of the
Sydney-based Lowy Institute’s Pacific Islands Program.

“The PNG systems are so vulnerable already, and Australia is trying to come
into this space and provide its own security and infrastructure. But the
reality is I think the horse has bolted on this one,” he told Bloomberg
News. “The systems are so exposed anyway that you really have to start over
from the bottom up and that would be a huge investment. But in the pantheon
of PNG priorities, it’s nowhere near the top.”