Deandrea Hamilton
Editor
Turks and Caicos, January 10, 2025 – Sensitive information was kidnapped by the hackers who infected the Turks and Caicos Islands Government electronic ecosystem with ransomware and the Opposition Leader said the demand could be in the hundreds of millions of dollars.
“Looking at when it happened in Trinidad it was up in the hundred millions or so, I look at what happened in other places and what they were demanding. Most of the time they are threatening you with sensitive information to say, well I have your emails to this one, your emails to that, I have your correspondence on this, I have your private conversations on this… they always come with your sensitiveinformation that they’re threatening to release unless you pay them.”
In 2023, Trinidad and Tobago’s justice department was infiltrated, forcing government system outages for weeks in the country’s justice department. Similar threats also hit Martinique, Guadeloupe and the Dominican Republic, which all reported cyber security breaches within recent years.
“It is a critical national security threat,” said Edwin Astwood, Leader of the People’s Democratic Movement.
Astwood was speaking during a press conference on Friday January 3, 2025 to address crime, health care, aged care and where he and PDM election candidates took media questions in the countdown to the January 15 nomination day.
The PDM characterised the style of public engagement by the PNP Administration as suspicious and uncaring.
“If you can get into the government system, NHIP, who’s to say you cannot get into the airport system, the police system, and the election system, we are using electronic voting systems and technology,” pointed out Astwood, who also informed that TCI cyber defences were weak. “Cyber insurance is necessary, TCI does not have that.”
He said firewalls also were not in place and should have been erected though the telecoms service providers.
“If those things were in place, this would not have happened.”
The Cabinet shared a summary of its December 30 meeting. The meeting followed three published statements which informed of the December 18 cyber security breach and offered updates.
“The investigation into the attack continues by external forensic investigators funded by the UK Government.
Due to a number of factors including the heightened threat of attack from malign actors, restoration and recovery is being conducted carefully, balancing the need for access to critical operations against the necessity for safe restoration of services, appropriately secured against known threats.
TCIG has engaged external cyber security specialists who are taking forward the technical recovery, which is focused on the restoration of essential services. This has included deploying a capability that will manage the detection and response of any malicious activity within the network.
In order to accelerate the restoration of critical services, the relevant business continuity plans are being activated initially focused on the TCIG financial systems to enable payments. In parallel, work is underway to build alternative systems whilst work is ongoing to restore systems. Additional resources are being sought to accelerate this further and to enhance security measures in the coming weeks.
Recovery and Business Continuity Measures: TCIG is working in collaboration with external forensic investigators and external cyber security specialists who are continuing to work around the clock to investigate the breach, contain the threat and restore functionality.
Supported by a managed threat response service, all affected systems are undergoing comprehensive assessments to ensure their security before being brought back online and endpoint protection.
To mitigate the immediate impact, business continuity plans are being enacted to manually process outstanding and urgent payments. Priority will be given to the processing of payments prioritised by urgency within the following categories: Social Welfare; Scholarship and Grants; Healthcare Related Payments; Cost of Living Program; Financial Assistance Program; Community Enhancement Program; Utility Payments; Bi-Weekly Employees and All other approved payments for goods and services.”ns manually while ensuring compliance with all necessary controls and safeguards. Consequently, non-urgent payments are likely to experience delays.
A detailed report on the nature of the attack and the steps taken to prevent future incidents will be submitted once the recovery process is complete.
Cabinet were assured that every possible measure was being taken to address the incident comprehensively and ensure ongoing protection.
Cabinet was also advised that several other key databases and applications remain operational. These include: Status Cards, Passports; Election Database; RDS application for Driver’s License and ASYCUDA (customs clearance).”
Additionally, “Cabinet affirmed its commitment to providing all the resources needed to restore TCIG’s systems, whilst also building resiliency to mitigate against future attacks.
Government has issued three updates, but has held no press conferences on the breach which has crippled payment and collections systems at the Ministry of Finance, which is the manager of the country’s public purse.”
However, this information needed to be an in person experience stated the Opposition Leader, who also said he expects to be debriefed on the status of the situation.
“Where was the accountability from the Cabinet? Which minister or anyone came before the Turks and Caicos Islands and before the people and told them what was going on? Why are they hiding or lying to the people? Either you’re lying or you’re hiding or you’re hiding and you’re lying – doing both!”
There have been no press conferences held to address the cyber breach despite the significantly crippling conditions the hack has created; the ransomware attack had been defined as “major” by the Government.
On Monday January 6, government issued a new press statement informing the public of the progress and announcing the Smart Stream payment system, at the Treasury Department, had been restored.