PNG government system hit by ransomware attack

6:15 am on 29 October 2021

Papua New Guinea's government pay system has been hit by a ransomware cyber attack.

The finance minister and acting treasurer, John Pundari, confirmed that the attack on the Department of Finance's Integrated Financial Management System occurred a week ago.

A ransomware attack rolling out across the globe has affected Australian offices of global companies.

Ransomware attacks are becoming more frequent globally. Photo: 123RF

The system, which manages access to hundreds of millions of dollars in foreign aid money, was disabled by attackers who demanded Bitcoin in ransom payment from PNG.

Pundari said the government didn't pay a ransom to any hacker or third party, adding that the system had now been "fully restored".

"The government and the people of Papua New Guinea can be assured that the government financial services will continue as usual," Pundari said in a statement.

But as a precaution, he said the government was not allowing full usage of the affected network, while it cleaned up the server environment and adopted temporary measures.

"The Department (of Finance) is conscious of the security and integrity of its data. Therefore restoration of services to all government agencies, including the sub-national level, will be done gradually, so as not to compromise or allow any further spread of this malware or other virus."

Vulnerable and exposed

PNG's cyber security settings are vulnerable, and it has come to rely on its development partners for technological assistance.

However, according to an Australian funded report in 2020 commissioned by PNG's National Cyber Security Centre, a data centre built in PNG by Chinese telecommunications giant Huawei exposed secret government files to theft.

PNG's financial constraints have prevented it from building a capable cybersecurity environment, Jonathan Pryke, the director of the Sydney-based Lowy Institute's Pacific Islands Program, told Bloomberg.

He said its systems were so exposed that the government would probably have to start afresh with building a secure network, which would require a huge investment.

But Pryke said that in the pantheon of PNG priorities, cyber security was nowhere near the top.

The PNG treasury

According to PNG's Treasury, in the wake of the cyber attack on its financial system, temporary measures have been taken to ensure all provinces and districts ave access to committed funds. Photo: RNZ Pacific/ Koroi Hawkins