Ransomhouse Responsible For Vanuatu Government Attack
The initial phase of the attack was recorded when suspicious phishing activity was discovered in an email intended for government officials
thecyberexpress December 26th, 2022
Months after a cyber-attack crippled the government of Vanuatu, ransomware group Ransomhouse claimed responsibility for it. The functions of the country, located south of the Pacific Ocean, were brought to a halt early in November after it faced multiple cyberattacks from a prolific threat actor over the preceding month. Through the attack, Ransomhouse targeted the nation's emergency services and disrupted all major communication channels, including emails and phone lines.
Researchers at Cyble confirmed that the ransomware gang posted a claim of the attack on their leak site.
The group claims that it encrypted the data on its network on October 6, 2022. Additionally, it claims to have exfiltrated 3.2 TB of data and leaked a few internal documents, spreadsheets and images as proof of compromise. The latest documents in the sample datasets were last modified on October 30, 2022.
The ransomware group paralyzed the government websites, and departments were forced to use pen and paper to conduct daily operations. The personnel at Port Vila Central, Vanuatu’s largest hospital, had to rely on pen and paper for communications and standard operations.
Ransomware attack on Vanuatu
The initial phase of the attack was recorded early in November when suspicious phishing activity was discovered in the email intended for government officials, especially those in the Ministry of Finance.
This cyber attack caused the government’s servers and websites to crash, causing delays in communication and coordination for the Pacific island nation. As a result, officials have been using personal laptops, pen and paper, and typewriters to run the government, and have resorted to using online directories or social media to locate government phone numbers.
The malware also crashed nearly all government email and website archives, causing departments to store data on local drives rather than web servers or the cloud. It is unclear if ransom demands were made by the hackers. The attack has caused difficulty in communication between government agencies and departments, and has resulted in delays in services for outer islands.
However, civilian infrastructure such as airline and hotel websites was not affected, and most tourism and business have continued as normal.