Minister mum on cyber attack timing

By Sialai Sarafina Sanerivi 24 August 2021, 10:00AM

The President of the Samoa Information Technology Association (S.I.T.A.) says Governments are at increasing risk from “ransomware”, after such a virus was blamed for wiping out critical Ministerial documents just after Samoa's new administration took over.

The Samoa Observer revealed last week that the Ministry of Works, Transport and Infrastructure’s (M.W.T.I.) computer systems had allegedly been wiped out by a computer virus attack forcing them to seek help from Australian I.T. experts. 

The team is in charge of coordinating the different projects funded by the World Bank.

The Minister, Olo Fiti Vaai, was shocked upon moving into the office by the near total absence of files.

But on Monday evening he would not be drawn on the timing of the attack and refused to answer questions about possible political motivations behind it.

Olo said he would wait for his Ministry’s Information Technology team to compile a complete report on the incident before making any comments on the matter. 

In particular four computers belonging to the Transport Infrastructure Coordination Sector team suffered from being unable to access files necessary to carry out their work. 

The Ministry’s Chief Executive Officer, Magele Hoe Viali, said they were trying to "retrieve" important documents and files after their computers were subject to the attack between 2-3 August. 

The cybersecurity breach took place a week and a half after the Faatuatua ile Atua Samoa ua Tasi (F.A.S.T.) party was declared the country's new Government.

The President of S.I.T.A., Fainu'ulelei James Ah-Wai, said that the virus, which tries to take control of users’ computers for profit, has become hackers’ “most popular” tool since the COVID-19 pandemic. 

"Ransomware is a type of malicious software [...] that encrypts or locks files until you pay a ransom or an amount of money demanded by the [hacker],” he said.

"Once you pay the ransom then they send a decrypt key or code to unlock the files.”

"The attackers usually target Corporate Businesses or Government entities with high-level information and critical data of great value. Any incident of such magnitude is [usually] the work of a group with [computer] expertise, technical resources, and a motive. 

"This type of attack is massive for our community with limited resources and with a small economy.

"Imagine if the financial institutions were affected this would have a catastrophic impact. Ransomware only locks the files, but the effect on personal, financial, and Government information is massive if [released]."

Fainu'ulelei said that the viruses gained access to computer systems by preying on their weak points

"This type of attack enters through system vulnerabilities or weaknesses such as unpatched systems, misconfiguration, software bugs, server open ports, and sometimes through human error,” he said.  

"However, once the cybercriminal has the intention to exploit system vulnerabilities then that will be a risk and harm to business and Government data."

Fainu'ulelei said it is almost impossible to trace any "hackers".

"Nowadays, with technology and the expertise available, it is almost impossible to trace cyber-attacks,” he said. 

"This is because they can launch an attack using other computers from different locations and addresses around the globe. 

"In addition, a ransom is paid through cryptocurrencies, and therefore hard to trace transactions and payments made."

Fainu'ulelei said the best way to avoid being attacked by malware is to take precautions. 

"Backup and backup is the key to recovery, that's my simple advice based on our resources,” he said. 

"With the era of technology and changing landscape of attacks due to more people going digital because of COVID-19. 

"Having a daily backup online and offsite is the first step towards fighting cyber crimes. 

"We don’t have the resources and financial backup to protect us but making sure to backup critical data is vital. 

“With S.I.T.A. and [the Unit Trust of Samoa at] which I worked, we have invested in cybersecurity.

"Managers need to work with other third parties to update and [update] the system [when] weaknesses are found. Despite the costs involved [,,,] the total cost of having] systems [...] compromised is far more expensive.

"There is a possibility of files being recovered based on negotiations with the cyber criminal, but if you have a redundancy plan in place it is much easier to restore everything."

Magele, the C.E.O. of M.W.T.I. said the broader Government had been hit by the computer hack with, he said, devastating results to Government record keeping.

Magele revealed that the M.W.T.I. was not the only Government ministry that has been struck by the virus. 

"I understand that the first people that were affected are from the Samoa Airport Authority (S.A.A.) then the M.C.R. (Ministry of Customs and Revenue), and then the (Ministry) of Health," Magele said. 

Magele said the Government’s I.T. team has been working to try and retrieve the files. 

"Once our machines were infected and we had a special technical team from the Ministry of Communication and Information Technology (M.C.I.T.) to work with our I.T. team. We also had assistance from S.I.T.A. (Samoa Information Technology Association)," he said. 

"So they sought help from experts in Australia in terms of cybersecurity and as of today, I am still waiting for a report from them on what actually happens. 

"But we have a provider [from whom] we buy anti-virus [...] and they managed to put our emails on the cloud and helped us operate starting from the 5th and 6th of August onwards."



By Sialai Sarafina Sanerivi 24 August 2021, 10:00AM
Samoa Observer

Upgrade to Premium

Subscribe to
Samoa Observer Online

Enjoy unlimited access to all our articles on any device + free trial to e-Edition. You can cancel anytime.