BitDepthRansomware report reveals Caricom-wide attacks

Ransomware report reveals Caricom-wide attacks

Above: Illustration by swevil/123RF.com

BitDepth#1448 for March 04, 2024

The Ransomware Roundhouse, a report on the state of ransomware in 2023 was launched last week with a webinar discussing the findings and their implications.

The authors, Alex Samm of Tier 10 Technology and Shiva Parasram of the Computer Forensics and Security Institute, acknowledge that their findings are incomplete, based as they are on announcements by ransomware collectives of successful exfiltrations of company data from businesses.

The report lists 32 known breaches among Caricom nations. TT is second in a tie with the Dominican Republic with four known breaches and behind Dominica and Puerto Rico who led with six known breaches each.

The Caricom nations confirmed to have been hit by successful ransomware breaches were Antigua and Barbuda, The Bahamas, Barbados, Belize, Dominica, Grenada, Guyana, Haiti, Jamaica and Trinidad and Tobago.

Among the affected entities are insurance companies, logistics and supply businesses, retail and medical companies and a higher education institution.

The report redacts specific details about the companies or institutions affected, but lists the ransomware collectives responsible for the 2023 attacks.

The 8Base, Lockbit3, RansomEXX, Royal and Hive ransomware groups targeted TT and only Royal is currently listed as inactive.

These are all international criminal businesses, the authors warn, who do not discriminate based on company size, business sector or location.

“In 2023 we learned that no one was safe in the Caribbean region,” Parasram and Samm write.

“The sector, size of the organisation, technologies implemented, impact on the global stage, geo-political affiliations or even the GDP were of no matter. Threat actors were interested only in profits and chose their targets based on who was likely to suffer great losses (or fines where applicable), should they refuse to pay them.”

The authors also expressed concern that the list of 32 regional breaches is probably inaccurate, since it does not list ransomware attacks that ended in payment of the routinely exorbitant demands.

Groups such as LockBit3 list over 1,000 victims on their official dark web leak site for 2023, indicating that ransomware groups have become far more aggressive than seen in previous years and companies and organisations alike are in fact paying the ransoms.”

That conjecture is supported by the increase in ransoms paid in 2023, usually in some form of cryptocurrency.

“According to researchers at Chainalysis.com, the amount paid in ransoms for 2023 amounted to a staggering US$1.1 billion. This figure is almost double the amount paid in 2022 which totalled US$560 million.”

It’s notable that the breaches reported in Trinidad and Tobago were largely found on the dark web after ransoms were not paid and stolen data was released to the public.

The local fuzziness around ransomware is only made worse by the national disinclination to be open about these incidents.

In January, Minister of National Security Fitzgerald Hinds told a workshop hosted by his ministry, Caricom IMPACS and the EU that between 2019 and 2023, the TT Cyber Security Incident Response Team had recorded 205 successful cyberattacks with 52 of them occurring in 2023 alone.

There was no clarity about what the TTCSIRT logged as a successful cyberattack.
Were these attacks that were successful at penetrating a company’s digital security measures?

Were they cybersecurity attacks resulting in the infection of a secured computer system? Attacks that resulted in a data breach of sensitive data?

Attacks that breached secured systems, infiltrated them and suffered exfiltrated data and subsequent ransomware demands?

I ask this, because TechNewsTT, like many websites, is under almost continuous daily probing by dictionary password attacks, code injection intrusions and DDOS attempts.

Once a week, I need to specifically block an IP address for sustained and unrelenting efforts (200 or more attempts in less than an hour) to breach the website’s security systems.

Every attack is unnerving, but there is a steadily escalating scale of severity that this country is not capable – even in the face of widespread public concern – of assessing and tabulating in any meaningful way.

The TTCSIRT generally does not respond to requests for information from this columnist and when a response is given, its brevity approaches haiku.

It’s possible that the TTCSIRT is only reflecting what it is given, which is precious little from companies affected by cyberattacks.

Ransomware groups are unconstrained by geography, bureaucracy and certainly not by pride. They are also largely unconcerned about law enforcement.

Within days of a collective effort by international law enforcement agencies to shut down the darkweb presence of LockBit3, the ransomware group was back at a new onionsite link and posting fresh data, including a dump it alleged was exfiltrated from the FBI.

Local victims have overwhelmingly chosen to be respond to these incidents with a digital omerta until confronted with undeniable evidence of the breaches.

That’s a nonstop ride to where we are now. Nowhere.

How should business and government embrace AI?

How should business and government embrace AI?

"Very few people in the world can quantify the fiscal value of AI." - Anton Alexander
Read More
How influencer marketing works in the Caribbean

How influencer marketing works in the Caribbean

You have to really trust in this influencer to represent your brand, to be an advocate, to be the voice of your brand.
Read More
Yes, a website is work. Yes, it’s worth it

Yes, a website is work. Yes, it’s worth it

AI tools suck up the content of creators across the open internet, turning their work into a pudding of responses in search.
Read More
No more fire in these wires

No more fire in these wires

FireWire effectively died with MacOS 26 Tahoe, when Apple removed the drivers that enabled the OS-level connection to its operating system.
Read More
What the heck is chip binning?

What the heck is chip binning?

Instead of manufacturing multiple versions of a processor with different numbers of active cores, manufacturers create one master processor and then test the yields.
Read More
Solving the region’s journalism problem

Solving the region’s journalism problem

There's formulaic approach to the content that we produce that sometimes totally denies or is ignorant of audience interest.
Read More
Tambini to journalists: “Keep doing what you’re doing”

Tambini to journalists: “Keep doing what you’re doing”

There are lots of international standards to support that idea of the state supporting the media, but that support is often abused, so it has to be based on real...
Read More
How do we unfetter journalism from the shackles of business?

How do we unfetter journalism from the shackles of business?

Journalism must dissect information, deepen the understanding of it and bring clarity to the news consumer.
Read More
What the Canvas hack tells us about higher education software

What the Canvas hack tells us about higher education software

Instructure is managing a very different proposition than most software vendors do. It has positioned itself as an education partner managing a wide range of integrations with education software tools.
Read More
Ghost women in AI? Hardly!

Ghost women in AI? Hardly!

"When I first came out of university a million years ago, everybody was like, why build something here? Just take what's in Europe, lift and shift. That has been the...
Read More
IShowSpeed: Here and gone

IShowSpeed: Here and gone

Watkins has 53 million subscribers on YouTube and his Trinidad and Tobago visit alone clocked 4.8 million views for a five hour and 47 minute stream.
Read More
How TT journalists can turn modern media realities to advantage

How TT journalists can turn modern media realities to advantage

The faceless, anonymized journalist adhering to a house style holds little value for this next generation audience.
Read More
Reuters report on young news readers holds no surprises

Reuters report on young news readers holds no surprises

The critical 18-34 age group recorded a decline in enthusiasm for daily news from 79 percent in 2017 to 64 percent in 2025
Read More
The state of ransomware in the Caribbean

The state of ransomware in the Caribbean

The report counted 21 confirmed dumps of information to the dark web, but Parasram estimates that twice that number were breached.
Read More
Digital döstädning

Digital döstädning

You may not care after you're gone, but a computer desktop littered with file icons is nobody's idea of a good time.
Read More
The garbage infesting my in-box

The garbage infesting my in-box

Do not click on links before fully investigating them. Do not call given phone numbers.
Read More
TSTT’s payments problem (updated)

TSTT’s payments problem (updated)

Something seems to have collapsed in what should be an efficient, all-digital payment and verification loop.
Read More
Is Apple’s Neo the One?

Is Apple’s Neo the One?

Ease of repair puts a firm hand on the scale in favour of the Neo for parents looking for a laptop suitable for use in education.
Read More
Privacy and your travel information

Privacy and your travel information

A privacy notice to let individuals understand what data is being collected, the legal reasons, retention period, security to protect data and a contact for any questions should have been...
Read More
TATT announces ambitious three-year strategic plan

TATT announces ambitious three-year strategic plan

The authority's two-decade-old arguments for a fee from over-the-top (OTT) providers has consistently drawn a blank, but it remains on the strategic agenda.
Read More
How should business and government embrace AI? How should business and government embrace...
How influencer marketing works in the Caribbean How influencer marketing works in the...
Yes, a website is work. Yes, it’s worth it Yes, a website is work. Yes,...
No more fire in these wires No more fire in these wires
What the heck is chip binning? What the heck is chip binning?
Solving the region’s journalism problem Solving the region’s journalism problem
Tambini to journalists: “Keep doing what you’re doing” Tambini to journalists: “Keep doing what...
How do we unfetter journalism from the shackles of business? How do we unfetter journalism from...
What the Canvas hack tells us about higher education software What the Canvas hack tells us...
Ghost women in AI? Hardly! Ghost women in AI? Hardly!
IShowSpeed: Here and gone IShowSpeed: Here and gone
How TT journalists can turn modern media realities to advantage How TT journalists can turn modern...
Reuters report on young news readers holds no surprises Reuters report on young news readers...
The state of ransomware in the Caribbean The state of ransomware in the...
Digital döstädning Digital döstädning
The garbage infesting my in-box The garbage infesting my in-box
TSTT’s payments problem (updated) TSTT’s payments problem (updated)
Is Apple’s Neo the One? Is Apple’s Neo the One?
Privacy and your travel information Privacy and your travel information
TATT announces ambitious three-year strategic plan TATT announces ambitious three-year strategic plan

🤞 Get connected!

A once weekly email notification of new stories on TechNewsTT. Just that. No spam.

Possible UI Glitch. Click top right corner to dismiss 👉

Get Connected!

A once weekly email notification of new stories on TechNewsTT.

Just that. No spam.

RELATED POSTS