T&T’s Cyber Security Team reports increase in ransomware attacks
The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) has observed a significant increase in ransomware attacks targeting local organizations.
Ransomware is a type of malware that prevents users from accessing their system or files and demands a ransom payment in order to regain access. Threat actors have also threatened to publish or sell the victim’s sensitive data if the victim refuses to pay. However, paying the ransom does not guarantee that an organization will regain access to its data.
TT-CSIRT is urging all entities, both public and private, to adopt a heightened state of awareness.
Just last week, Caribbean conglomerate Ansa McAl was forced to admit that it had fallen victim to one of these attacks. Since then, websites specialising in tech news have reported that files and personal data belonging to the company’s clients were leaked.
It’s unclear whether Ansa McAl paid the ransom to have the files returned.
A cyber-security seminar hosted by Digicel this morning also revealed that Ansa is one of two Caribbean entities hit by ransomware in the past week.
TT-CSIRT said that ransomware attacks can be initiated through multiple attack vectors. The most prominent ones that TT-CSIRT has seen used against local entities are: exploiting system vulnerabilities (particularly outdated firewall devices and exposed remote desktop protocol), phishing emails with infected attachments or links, and compromising user credentials.
TT-CSIRT also listed a host of countermeasures against ransomware.
They’re advising owners and operators that all ransomware attacks should be reported to them and to the police.