- Oops!Something went wrong.Please try again later.
(Bloomberg) -- Papua New Guinea’s finance department acknowledged late Thursday that its payment system, which manages access to hundreds of millions of dollars in foreign aid money, was hit with a ransomware attack.
Most Read from Bloomberg
The attack on the Department of Finance’s Integrated Financial Management System (IFMS) occurred at 1 a.m. local time on Oct. 22, according to a statement released by John Pundari, finance minister and acting treasurer.
The IFMS consolidated the Pacific nation’s budget and accounting for all tiers and departments of government onto a platform. It controls access to funds for the government, which is heavily reliant on foreign aid.
Pundari said the system has been fully restored but “because of the risk, we are playing safe by not allowing full usage of the affected network.” Government departments and agencies would have to process checks in a secured environment, “through a controlled temporary arrangement.” Calls to the Finance Department were unanswered.
The finance department didn’t pay any ransom to any hacker or third party, Pundari said, and he insisted the government’s financial system has been “fully restored.”
The attackers have demanded Bitcoin in ransom, people familiar with the situation said. They had requested anonymity to discuss confidential government affairs. They didn’t disclose how much Bitcoin was being sought.
The office of the prime minister didn’t respond to calls and emails requesting comment.
The government’s network systems have several critical vulnerabilities that would have allowed the attackers to breach networks, people familiar with Papua New Guinea’s data security said.
In one example, earlier this year Microsoft Corp. warned its customers of vulnerabilities in its business email software and urged them to install the patches that would address the flaws. Servers for departments and agencies in Papua New Guinea’s government remain exposed to such an attack, according to a scan using the Shodan search engine, which tracks malware and malicious activity across the internet. The scan was conducted by one of the people familiar with the situation.
In ransomware attacks, hackers encrypt a victim’s computer files and then demand payment to unlock them. Ransomware attacks have been increasing rapidly in recent years, targeting school districts and cities, hospitals and businesses across the globe.
Papua New Guinea is located in the southwestern Pacific Ocean on the eastern half of New Guinea, the second largest island in the world. The government has been heavily reliant on its partners in the region for economic and technological assistance, with China and Australia competing for influence. The island nation has struggled to control Covid-19, with a little more than 1% of the population fully vaccinated. Robert Potter, co-chief executive officer of the cybersecurity firm Internet 2.0, has provided services for Papua New Guinea’s government as part of his work with the Australian foreign ministry. “This is pretty shameful, to exploit a developing economy’s critical infrastructure in the midst of a pandemic,” he said.
Papua New Guinea’s financial issues have prevented it from building a capable cybersecurity environment, said Jonathan Pryke, director of the Sydney-based Lowy Institute’s Pacific Islands Program.
“The PNG systems are so vulnerable already, and Australia is trying to come into this space and provide its own security and infrastructure. But the reality is I think the horse has bolted on this one,” he told Bloomberg News. “The systems are so exposed anyway that you really have to start over from the bottom up and that would be a huge investment. But in the pantheon of PNG priorities, it’s nowhere near the top.”
(Updates with comment from department of finance from second paragraph.)
Most Read from Bloomberg Businessweek
©2021 Bloomberg L.P.