Papua New Guinea’s government finance office has been hit with a ransomware cyberattack and the hackers are demanding bitcoin, according to Bloomberg News. And while many of the specifics surrounding the attack are still unclear, it’s becoming obvious that hackers won’t just target the wealthiest countries and richest corporations with ransomware anymore.
Papua New Guinea, a country of 9 million people just north of Australia and east of Indonesia, depends heavily on foreign aid to fund many of the country’s services. Unknown hackers targeted PNG’s Department of Finance and its Integrated Financial Management System, which handles much of that financial aid.
The cyberattack reportedly happened last week and while we know the hackers demanded bitcoin, the cryptocurrency of choice for ransomware hacks, the government of Papua New Guinea won’t say how much money has been requested. Ransomware typically involves encrypting sensitive files and demanding a ransom for the decryption keys. In this case, it appears foreign aid funds have even been frozen, according to Bloomberg, though the mechanics of how that happened are still unknown.
To top it all off, Papua New Guinea has struggled in recent weeks with some of its worst covid-19 surges to date. The country is currently averaging about 388 cases per day, widely believed to be an undercount of the actual number due to poor testing, according to Australia’s ABC News. The Pacific nation has also struggled with covid-19 vaccinations, achieving a dismal 1.2% vaccination rate so far.
There simply isn’t enough room in local hospitals to handle the covid-19 patients and oxygen supplies are dangerously low, according to people on the ground witnessing the tragedy unfold. Last week alone, at least 100 people arrived at PNG’s Port Moresby General hospital dead from covid-19. The influx of dead people has led local leaders to plan a mass burial so that corpses aren’t taking up so much space in the overflowing morgue.
As the ABC explains, part of the struggle to get people vaccinated in Papua New Guinea is the proliferation of conspiracy theories online:
Widespread conspiracy theories and misinformation being shared online have been blamed; their spread has been aided by a distrust in government and authorities. In some communities, health workers offering the vaccine have even been threatened or attacked.
In April, Facebook announced it was launching an education campaign in PNG, but it does not seem to have spread widely. The ABC has asked how many users it was rolled out to and is awaiting the response.
Gizmodo has also asked Facebook over email about its education campaign in Papua New Guinea, which explained its ads had reached over 800,000 people.
“The Papua New Guinea Covid Misinformation media literacy campaign ran ads on Facebook and Instagram educating users on the top tips to spot misinformation related to COVID-19 online,” a Facebook spokesperson told Gizmodo early Thursday.
“Between 7 April and 28 June, the ads reached over 800,000 people and had over 4.6 million impressions. 88% of the people reached were under the age of 45. 38% of people reached were female and 62% were male.”
In the meantime, let’s just hope the hackers don’t soak PNG for all it’s worth. Big companies like JBS meat processor, which paid $11 million in bitcoin earlier this year to get its files decrypted, can absorb those kinds of costs. They may even work them into their regular budgets these days, as bitcoin ransomware becomes more and more common. But countries like PNG are hanging by a thread financially. They simply don’t need this shit right now.
Updated 7:28 a.m. ET with comment from Facebook about its program in PNG.