Kuwait’s ministry of finance recovery efforts post major ransomware attack

Saudi, UAE hit hardest by ransomware attacks in 2021-2022
Kuwait’s ministry of finance recovery efforts post major ransomware attack
Kuwait responded swiftly to the ransomware attack

Kuwait’s Ministry of Finance (MoF) disclosed that the National Cyber Center of the country has been tirelessly working to resolve a ransomware attack that targeted the ministry last week.

The attack was launched on September 18, and prompted swift action from government officials who promptly initiated measures to isolate and disable the impacted systems.

The ministry is currently undergoing recovery efforts following the attack. Officials were proactive in addressing concerns regarding payment and ensuring workers that they would receive their salaries, emphasizing that the payment and payroll systems were operating on a separate network.

MoF has enlisted the assistance of cybersecurity firms and undisclosed governmental entities to aid in the resolution process.

In addition, the ministry confirmed that all data on workers’ salaries in government bodies are stored in the Ministry’s systems, and financial transactions are recorded.

It added that all government agencies are continuing and operating normally.

Read more: Businesses must brace for AI-powered attacks

Seven-day deadline

Last week, the Rhysida ransomware group targeted Kuwait’s MoF. The ministry was included in the group’s list of victims. A seven-day deadline was set for the government. The deadline was for the government to pay an undisclosed ransom.

The gang gained attention in the United States (U.S.). They were recognized for their highly impactful attack. The attack targeted Prospect Medical Holdings, a healthcare organization. The organization operates 16 hospitals across multiple states.

The incident led to the redirection of ambulances, causing significant disruption.

This ransomware group has specifically targeted governments and has recently focused on compromising systems in Chile and Martinique.

Kuwait ransomware

GCC ransomware attacks

According to a cybersecurity report by Group-IB, organizations in Saudi and the UAE were the most targeted. They experienced the highest number of ransomware attacks among all GCC countries. The attacks occurred from mid-2021 to mid-2022.

The report, issued in January 2023, highlighted that the energy, telecoms, IT, and manufacturing sectors were frequently targeted industries in terms of ransomware attacks.

The paper revealed that during H2 2021 and H1 2022, a total of 42 companies in the GCC region became victims of these ransomware attacks. Among these companies, 33 percent were based in the UAE, while 29 percent were from Saudi.

The findings indicated that 21 percent of the companies affected by ransomware attacks were from Kuwait, while 10 percent were from Qatar. Furthermore, Omani and Bahraini organizations comprised less than 10 percent of the targeted entities.

In a ransomware attack, individuals or groups utilize software to gain unauthorized access to a company or organization’s files. The objective behind such attacks is typically to either extort the targeted business or unlawfully acquire its data.

For more tech-related news, click here.