Freely subscribe to our NEWSLETTER

Calvin Gan, Senior Manager with F-Secure’s Tactical Defense Unit comments:

“The attack on Papua New Guinea’s finance system goes to show that the attacker responsible has no regard for livelihood, especially when it may take weeks to restore or even incur huge restoration costs. Their sole goal is to obtain a payment, and sadly has chosen a target that is currently struggling to keep up with the implementation of secure cyber security infrastructure. While demanding ransom on a critical system would pressure the government to cave in to the demand, the attacker has failed to realize that the current target may not have the means to pay up the ransom (though the amount demanded is currently unknown). Instead, the attack may potentially trigger a larger effort from the industry or nations to help Papua New Guinea restore its system and perhaps even attributing the attacker.

As defenders, this attack has helped us realize that more effort could be channelled to offer assistance to organizations or institutions that may not have cyber security as priority in building resiliency towards cyber attacks”.

Callum Roxan, Head of Threat Intelligence comments:

“This case, along with other high profile cases this year, is a demonstration of how ransomware actors continue to raise the stakes of their targeting and, as a result, are becoming a more prominent National Security threat. This speaks to the level of impunity the actors must feel they have in their permissive operating environment, but such actions are likely to shape a more aggressive response from victim nations and their allies”.