A state-owned telecommunications company, Tonga Communications Corporation (TCC), admitted that it experienced a ransomware attack that could affect its customers. TCC is one of the two telecommunication companies in Tonga.
The affected entity posted a notice on Facebook stating that the attack might cause delays in their administrative operations. Moreover, the company confirmed that the recent ransomware attack against them has encrypted and locked them out of some parts of TCC’s system.
Fortunately, the campaign will not impact the company’s voice and internet service delivery to its customers. However, the TCC notification clarified that it might slow down the process of connecting new users, disrupt customers’ inquiries, and delay delivery bills.
Currently, the company is working with a third-party security company to address and mitigate the effect of the attack.
This Pacific-based nation is comprised of about 171 islands and has a population of nearly 100,000.
The Tonga Communications Corporation owns the majority of the market share within its country.
The Tonga Communications Corporation controls all fixed telephone lines within the country and has around 70% market share of dial-up and broadband internet. In addition, it manages more than half of the population’s mobile phone services through its UCall service and employs over 300 individuals.
A cybersecurity researcher revealed that the Medusa ransomware group claimed the attack against TCC earlier this week. The Medusa ransomware actors operate a Ransomware-as-a-Service (RaaS), which commonly gives its affiliates the 60% of the ransom gained from its victims.
Researchers explained that the MedusaLocker actors predominantly depend on flaws in Remote Desktop Protocol to access their victims’ networks. This feature from the Medusa campaign was observed by multiple researchers in May last year.
Furthermore, the MedusaLocker operators encrypt their victims’ information and drop a ransom note with communication prompts in every folder that contains an encrypted file.
Ransomware operators have been attacking small island organisations recently. TCC is the latest entity from a small island nation that suffered a ransomware attack. A similar scenario affected the small island of Guadeloupe in November.
However, the most severe cyberattack against a small island recently was the attack against the government of Vanuatu, which shut down the entire country’s services.