Ransomware, Data Security, Malware, Incident Response

Government of Vanuatu offline since early November in suspected ransomware attack

An aerial view of a cruise ship docked in Port Vila, Vanuatu.
The newly elected government of Vanuatu has been offline since taking office in early November in what is suspected to be a ransomware attack. (Photo by Mario Tama/Getty Images)

The government of Vanuatu has been offline for over a month in what is a suspected ransomware attack.

According to numerous reports, the country’s newly elected government began experiencing problems on the first day Prime Minister Ishmael Kalsakau took office on Nov. 4 and the cyberattack was acknowledged on Nov. 5.

Suspicious phishing activity was first noticed on Nov. 5 in emails to the Ministry of Finance, according to a financial analyst who spoke with the Guardian newspaper, but two other sources confirmed to the Guardian the crash began Oct. 30. 

The cyberattack has taken down government servers and websites (SC Media was still unable to call-up any government sites as of this writing). As civilian infrastructure remains online, officials have been using private email accounts, personal laptops and written communications for government services.

The government has released few details about the cyberattack, but a Vanuatu-based consultant spoke with NPR on Dec. 6: "Imagine if in the U.S. or the U.K. or Australia, a new government has started and there's a whole changeover ... you can't even allocate email addresses to your new staff, you can't coordinate what's happening between ministers," Glen Craig, managing partner of the consulting firm Pacific Advisory, told NPR in a phone interview.

"We're the first country in the world that this has happened to. ... It's not a good time in Vanuatu, I can assure you," continued Craig, who also serves as chairman of the Vanuatu Business Resilience Council.

The Australian government is assisting to bring Vanuatu’s systems back online, Pat Conroy, Australia’s minister for international development and minister for defense industry, told the Daily Post on Nov. 26. 

Kalsakau told the Daily Post on Dec. 1 that 70% of his government’s systems were restored with partial access, adding that it was an achievement for IT experts to do so in three weeks.

“In this recovery work, we are building back our government networks better and safer. We are bringing systems online in a secure and contained environment with strengthened safeguards to ensure there is no risk of re-infection,” Kalsakau was quoted Dec. 1 in the Vanuatu Daily Post.

The country of Vanuatu is spread out over many islands in the South Pacific and has a population of just over 300,000. 

The Asia-Pacific region has been particularly hard-hit by ransomware lately, as Australia’s health insurer Medibank refused to pay a ransom for the return of the stolen information of 9.7 million customers. A breach of Australia’s second-largest wireless carrier, Optus, led to the compromise of data for 9.8 million customers.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.