ANSA McAL says recovery of its IT systems after a security incident is "largely complete."
Last Wednesday, Newsday reported that the company, the largest conglomerate in the region, fell victim to a ransomware attack when hackers held some of Ansa's IT systems hostage in exchange for payment.
Ansa did not immediately confirm the ransomware attack, but did note in a release on October 20 that a security incident, that started at its Barbados operations and migrated to Trinidad, affected operations in Tatil and Tatil Life, part of the group's financial sector.
The group said then that its local IT teams, with the support of international resources, had taken prudent and measured steps to ensure the integrity of its systems.
In an e-mail to Newsday on October 27, the company elaborated that because its core systems are largely cloud-based (online) and were immediately disabled in accordance with the company's emergency protocols, the impact of the incident was contained significantly and the recovery process is largely complete.
The hackers, criminal cybergang REvil, said it had “numerous financial documentation, agreements, invoices, reports” – at least 17,000 documents that it threatened to release on a public server if a ransom was not paid.
According to technewstt.com, the hackers made good on that promise and recently released 12.9 gigabytes of Ansa's data "into the wild for public access," allegedly because the company refused to pay any ransom.
In response to questions about the veracity of this purported data dump, Ansa McAl said in the October 27 statement that it had been advised of the release.
"We have been advised that there is certain data purportedly belonging to Ansa McAl, which has been made available on the dark web for free and not for sale," it said. "We have taken the prudent decision not to place our people and IT systems at risk by seeking to access the dark web for the purpose of downloading any of these alleged files. As a result, we are unable to verify the authenticity of these claims."