Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Nearly two weeks after hackers crippled the Pacific nation’s National Health Information System, an infamous ransomware group has published sample data on darknet.
The INC Ransom ransomware gang has listed the Kingdom of Tonga’s Ministry of Health as a victim on its darknet leak site, two weeks after the ministry experienced serious disruption to its services in the wake of a cyber attack.
Aside from the listing, dated 27 June, the hackers have also published four sample documents exfiltrated during the attack.
One is a weekly report of communicable disease rates, while the others are a weekly COVID-19 summary, a letter requesting a visa for a family member, and an intensive care flow chart.
No ransom details have been shared; however, the Tongan government has recently said the ransom demand was US$1 million – a ransom that it has refused to pay.
“Paying ransom is not advised globally, so it will not be paid,” Piveni Piukala, Tonga’s Minister for Police and Cyber Security, told news website Matangi.
Australian cyber security experts have been assisting Tongan authorities in recovering from the attack, and a Tongan delegation is due to travel to Australia in the coming weeks to discuss the matter with the Australian government. According to Minister Piukala, the Australian contingent is close to completing their remediation work.
“It does raise questions on the safety of Tonga against cyber security crimes,” Dr Taniela Fusimalohi, Tonga’s Deputy Prime Minister, said of the attack.
Tonga’s National Health Information System was fully encrypted during the attack, and medical staff have been forced to rely upon pen-and-paper record keeping in its wake.
In an advisory dated 18 June, the Ministry of Health warned of disruption to its IT systems and website, which continues to be down.
“The Ministry of Health is actively addressing a situation impacting its IT systems, including the public-facing website. The ministry has deployed dedicated IT resources to investigate and prioritise the restoration and availability of our systems,” the advisory said.
“Despite this issue, all health services are operational, and individuals seeking medical care should continue visiting health facilities as usual. The public are advised to bring their clinic cards when seeking medical care as this will help our healthcare workers.”
INC Ransom has not listed a ransom deadline.
Cyber Daily has reached out to Tongan authorities for comment.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
