Kuwait's Ministry of Finance is working diligently to recover from a recent ransomware attack that targeted its systems. The attack, which began on September 18, prompted immediate efforts by government officials to isolate and shut down affected systems. Authorities moved to reassure citizens that payroll and payment systems were on separate networks, ensuring that workers would still receive their salaries.
In response to the attack, Kuwait's National Cyber Center has been working tirelessly, enlisting support from cybersecurity firms and undisclosed foreign governments. They have successfully isolated the Ministry of Finance's systems from the rest of the government agencies to contain the breach. The Ministry stressed that all salary data and financial transactions remained intact, and government agencies continued to function normally.
The ransomware gang responsible for the attack, known as Rhysida, added the Ministry of Finance to its list of victims and issued a ransom demand, giving the government seven days to comply. Rhysida had previously made headlines in the United States for a crippling attack on Prospect Medical Holdings, disrupting hospital operations in multiple states.
Rhysida has been targeting governments recently, with attacks on systems in Chile and Martinique. Kuwait joins the list of governments dealing with ransomware attacks, following recent incidents affecting the governments of Colombia and Bermuda. These attacks coincide with the U.S. National Security Council's call for governments worldwide to pledge not to pay ransomware hackers. Alastair Williams, Vice President of Worldwide Systems Engineering at Skybox Security, shared insights on what other organizations can learn from the attack:
"The recent ransomware attack on Kuwait's Ministry of Finance serves as a stark reminder of the substantial financial risks associated with ransomware groups targeting not only major businesses but also government entities.
To bolster their defenses, organizations should uphold a robust security stance against prevalent threats. When assessing the gravity of vulnerabilities, prioritizing factors such as network accessibility, exposure, exploitability, and the potential commercial repercussions is of utmost importance.
Organizations should ensure the presence of solutions capable of quantifying the business impact of cyber risks with economic impact factors. This methodology aids in the identification and prioritization of the most significant threats based on their financial consequences, complementing other risk assessments like exposure-based risk scores. Organizations must also enhance the effectiveness of their vulnerability management programs to promptly determine if a vulnerability affects them, assess the urgency of remediation, and explore available remediation options."
It's worth noting that last year, several Ikea outlets in Kuwait fell victim to the Vice Society ransomware gang, which researchers suspect may have ties to Rhysida. The incident highlights the growing threat of ransomware attacks on critical government infrastructure, underscoring the need for enhanced cybersecurity measures and international cooperation to combat these threats. ###