Tonga is the latest Pacific Island nation hit with ransomware
Tonga’s state-owned telecommunications company has been hit with ransomware, it warned customers on Monday.
Tonga Communications Corporation (TCC) — one of two telecoms companies in the country — published a notice on Facebook saying the attack may slow down administrative operations.
“Ransomware attack has been confirmed to encrypt and lock access to part of TCC’s system. This does not affect voice and internet service delivery to the customers, however, it may slow down the process of connecting new customers, delivering of bills and managing customers’ enquiries,” the company said.
“We are working with security companies to mitigate the negative impact of this malware.”
The Polynesian country is made up of some 171 islands and has a population of about 100,000.
TCC controls all of the fixed telephone lines and has a 70% market share of dial up and broadband internet. With more than 300 employees, it manages about half of the mobile phone services through its UCall service.
Cybersecurity expert Dominic Alvieri said the Medusa ransomware group took credit for the attack on TCC on Monday.
Medusa is back and allegedly breached Tonga Communications.
— Dominic Alvieri (@AlvieriD) February 13, 2023
/tcc.to#cybersecurity @Cyberknow20 pic.twitter.com/9Tf9RbSsOu
In an advisory last year, the Cybersecurity and Infrastructure Security Agency warned that Medusa operates as a Ransomware-as-a-Service (RaaS) model and typically gives affiliates 60% of ransoms while keeping the rest.
“Observed as recently as May 2022, MedusaLocker actors predominantly rely on vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks,” they wrote in a joint memo with the U.S. Department of Treasury and the Financial Crimes Enforcement Network last year.
“The MedusaLocker actors encrypt the victim’s data and leave a ransom note with communication instructions in every folder containing an encrypted file.”
Trouble in the Pacific
TCC is the latest small island government organization attacked by cybercriminals. The French island of Guadeloupe was attacked in November and the government of Vanuatu — about two hours by plane from Tonga — was knocked offline following a ransomware attack.
That attack crippled the operations of Vanuatu’s parliament, police and prime minister’s office while also taking down almost all of the digital tools used by the country’s schools, hospitals and government services.
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.