Papua New Guinea’s finance department acknowledged late Thursday that its payment system, which manages access to hundreds of millions of dollars in foreign aid money, was hit with a ransomware attack.
The attack on the Department of Finance’s Integrated Financial Management System (IFMS) occurred at 1 a.m. local time on Oct. 22, according to a statement released by John Pundari, finance minister and acting treasurer, Bloomberg reported.
Commenting on the news, Robert Golladay, EMEA and APAC director at Illusive, said:
“This is yet another example of how cybercriminals have no shame. They will continue to attack impoverished nations as well as the “first world”. In the case of Papua New Guinea, who knows what was exfiltrated? And how that might be used in further criminal activities? Like with Covid-19, we should treat these attacks as a global pandemic. Countries that have expertise and resources should commit to helping.
There are basic things that any entity needs to do to prevent this kind of attack, including education, software patches, and backups. Basic understanding of the attack surface is also a critical activity for all government organizations and agencies.”