NIB calls in foreign experts against cyber attack

THE National Insurance Board (NIB) has called in local and international cyber security experts in response to a ransomware cyber attack on Wednesday.

All NIB offices will stay shut for the rest of this week due to the attack. NIB corporate communications manager Tricia Clarke sent two releases on Wednesday about the hack.

The first statement at 7.46 am announced the cyber attack and the closure of offices. The second, at 6.08 pm, said the NIB was engaging local and foreign experts.

The first statement said, "The company is currently assessing our systems after having experienced a ransomware attack on Tuesday, December 26.

"All steps are being taken to protect our data integrity and technology hardware.

"We are also continuing to diligently work with our external technology partners  expeditiously resolve this matter."

The NIB said it reported the incident to the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) under the Ministry of National Security and was working with them toward a resolution.

"Please continue to monitor our social media pages for any further updates."

Newsday was unable to contact Minister of Digital Transformation Hassel Bacchus, Minister in the Ministry of Finance Brian Manning or Minister of Public Administration Allyson West.

The second statement said the NIB confirmed that it was experiencing disruptions to its usual operations resulting from the ransomware attack. It said the incident was reported to the Ministry of Digital Transformation.

"Additionally, the NIB has engaged the services of local and international cyber security experts to spearhead the discovery and assessment to mitigate risk."

The NIB spelt out what the disruption would mean for members of the public.

"The organisation notes that all scheduled commitments have been completed for December 2023 and anticipates that all future commitments for January 2024 will be honoured.

"Customers with confirmed appointments during the three-day temporary closure will be facilitated with a new appointment during January 2024."

The NIB will resume all operations on a phased basis from January, with details to be confirmed in subsequent communication.

"All NIB offices will remain closed until Friday, with customer-facing services and the appointment portal being temporarily unavailable during this period."

The organisation again asked the public to monitor its social media pages for updates.

"The NIB remains resolved in its efforts to protect data integrity and technology hardware without further operational disruption."

This is the latest in a string of cyber attacks on public and private entities in Trinidad and Tobago.

In November, Chief Justice Ivor Archie revealed the Judiciary was targeted, while addressing a news briefing at a regional forum of chief justices in Port of Spain.

"In TT – I can speak about that – there have been attempts at penetration, fairly recently, which we were able to contain.

"But I think, as you know, the black hats (malicious hackers) are continually evolving their methodology.

"What we got today was a framework for each of us to be able to assess – look at our risk matrix and assess where we are – and then take concrete next steps towards developing proper workplace culture, how to organise incident responses, and to make sure that we have robust mitigation and continuity plans in the event that there is a breach."

The most notable cyber attack recently was at TSTT on October 9, as reported a month later.

TSTT was attacked by the hacker group RansomEXX, which infects computer systems with malicious software ("malware"). This ransomware encrypts an organisation's data to block users until the organisation pays a ransom online to get a decryption key.

TSTT said the "cyber terrorists" got only 6G of data accessed – less than one per cent of data held by TSTT – and was largely just identity information.

"What is not included: call records, transactional data, customer passwords and financial information.

"TSTT’s investigation has found that no customer passwords or credentials were accessed."

The company spelt out the immediate measures it took.

"These applications were subsequently quarantined, rebuilt and put back into production as part of clearly defined policies and procedures."

The Ministry of the Attorney General also fell victim to a cyber attack on July 9.

The private sector was also affected. Newsday recently reported cyber attacks on Courts stores, PriceSmart, and Massy Stores earlier this year.

On April 28, Massy was attacked by a ransomware group, resulting in all 21 stores having to close until Massy rectified the issue through its technical experts.

On November 12, Newsday reported a previous attack on Courts Caribbean online payment platform. Hackers stole details of up to 200,000 customers – names, genders, e-mail addresses, account passwords, ID information, dates of birth and phone numbers, plus transaction details such as billing and shipping addresses, purchase dates and shipping information.

Courts said customers’ payment methods and password information had not been exposed.

In November, reports were that PriceSmart was hacked by a group known as AlphV or Black Cat.

Local cyber security expert Shiva Parasram told Newsday then, "They are notoriously popular in the ransomware business. They are actually almost like a best-of-the-best group. They recruit a lot of other ransomware extortionists from different groups and try to use the best hackers."