The Government of the Caribbean nation of Bermuda said it was the victim of a cyberattack that likely originated from Russian threat actors and that it was working to restore the affected systems.
While threat actors tend to target companies with ransomware attacks, governments and other official institutions are also at risk. In some cases, companies are more compliant and willing to pay the ransom, although the general advice from cybersecurity companies and even the FBI is not to pay or engage with the attackers.
Following problems with the government’s IT infrastructure, the attack was confirmed via social media, although authorities didn’t say what kind of an incident it was. The description, though, seems to indicate a ransomware attack, especially since the government said that no data appears to have been stolen, a common occurrence in ransomware crimes.
“The public is advised that the Government Is currently experiencing internet/email and phone service interruptions,” said the Bermuda Government on social media. “All Departments are impacted. The Department of Information and Digital Technology (IDT) is working quickly to restore service.”
Besides the phone and email interruptions, no other systems seem to have been affected, although it’s likely that many systems were shut down. The source of the infection was not determined, but the government did say that a Russia, or a Russian-linked threat actor, is to blame.
“We are trying to identify which systems are affected, which ones are not so that we can return to servicing persons, so people at TCD, people at immigration et cetera, can get the government services which they rely on,” said Bermuda Premier Edward David Burt, according to a RoyalGazzete report.
“Our initial indication is it’s come from an external source, most likely from Russia, and we are working with agencies to make sure that we can identify any particular challenges and make sure that services are restored as quickly as possible.”
Authorities have restored most of the systems, but the investigation is still ongoing, and there’s no further information on what group was responsible for the attack or what ransomware was used.