‘Disaster’ at FSC

Last week’s cyberattack at the Financial Services Commission (FSC) appears to have been a more grave cause for concern than first acknowledged by the entity that oversees the regulation of Jamaica’s insurance, pension, and securities industries.

According to reports reaching The Gleaner, the commission has lost almost all of its data that was hacked and encrypted. The hackers also demanded a ransom from the commission, providing a link to a site with instructions on how the ransom should be paid.

However, as a major entity dealing with cybercrimes, FSC personnel did not open the website, nor did the entity agree to pay any ransom.

Multiple sources told The Gleaner that so widespread is the cyberattack that even the phone system at the commission has been affected.

“Internal calls can be made, but calls from the outside or being made to outside lines do not get through,” one source said.

The FSC brought in overseas consultants who worked over the weekend to try to get the commission back online.

INTERNET SYSTEM STILL DOWN

However, it was not expected that the FSC’s internet system will be back up and running until later this week.

Along with files reportedly being compromised and Internet service and the phone system being affected, even payments to staff have been impacted.

The Gleaner understands that even if the files are recovered, they may be useless to the commission.

“Backup paper files as well as files that were not on the hacked system may be useful, but all files hacked and encrypted will be of no use,” one of The Gleaner’s sources said.

It was not immediately clear what type of files were primarily affected, but the FSC officials with whom The Gleaner spoke described the situation as a “disaster”.

In a press release announcing the cyberattack on September 6, the commission said it had experienced a cyber event.

“A dedicated team of cyber security experts from the Jamaica Cyber Incident Response Team (Ja-CIRT) and the Major Organised Crime and Anti-Corruption Agency (MOCA) is working aggressively to assess the extent of the event,” the FSC said in its initial statement last Wednesday.

The FSC went on to state that it wished to assure staff, licensees, registrants, and other stakeholders that all efforts were being made to protect their personal information and data.

“The FSC remains operational, however, our stakeholders may experience delayed responses and processing times,” the commission said at the time in the statement, which was over the name of David Geddes, director of stakeholder engagement, communication, and international relations.

The FSC noted that further updates would follow as the investigation progressed. However, up to yesterday, there had been no new statements posted on social media.

Contacted by The Gleaner, Geddes said the FSC was continuing to collaborate with MOCA and Ja-CIRT.

“We recognise that our stakeholders are concerned and we are doing everything in our power to have the matter resolved expeditiously and, in the interim, we ask our stakeholders to recognise the challenges that have been presented and we will provide further updates as soon as we are in a position to do so,” he said.

Geddes added further that the Commission is looking at all available options to bring about a speedy resolution to the matter.

Just last month, The Sunday Gleaner reported that cybercriminals had targeted Jamaica’s security systems more than 19 million times in the first half of the year.

The cyberattacks include ransomware and malware and targeted the country’s government, financial, education and medical sectors, according to a report from FortiGuard Labs, the threat intelligence and research arm of computer security provider, Fortinet.

editorial@gleanerjm.com