Cyber Incident Victim: Papua New Guinea Finance Ministry
Date: Oct 2021
Location: Papua New Guinea
Summary
A ransomware attack compromised a core server at Papua New Guinea's Department of Finance, disrupting critical financial operations including foreign aid distribution, payment processing, and other government functions during a COVID-19 surge. The incident briefly halted budgetary and financing systems controlling national government activities, though officials restored services without paying a ransom. While full system functionality was recovered, authorities restricted network usage on the affected infrastructure as a precautionary measure against residual risks.
Description
A ransomware attack targeted Papua New Guinea’s Department of Finance on October 22, 2021, occurring in the middle of the night and compromising a core server critical to government financial operations. The incident briefly disrupted essential functions, including access to foreign aid disbursements, processing of cheque payments, and other routine financial activities. These disruptions occurred during a period of heightened COVID-19 cases in the country, exacerbating operational challenges. The compromised server managed budgeting and financing systems for the entire Papua New Guinea government, indicating the attack’s broad potential impact on national fiscal operations. Officials confirmed the infiltration hindered basic departmental workflows but did not elaborate on the ransomware variant or initial attack vector. Acting Treasurer John Pundari publicly addressed the incident on October 21, 2023, confirming the breach while emphasizing that no ransom payments were made to attackers or third-party intermediaries.

Technical teams fully restored the compromised systems following the attack, though authorities maintained restricted access to the affected network as a precautionary measure. Pundari stated the department had “managed to restore normalcy” through recovery efforts but continued limiting system usage due to residual risks. The restoration process eliminated immediate operational disruptions but did not fully resolve security concerns, prompting ongoing network access restrictions. No additional details were provided regarding forensic investigations, data compromise scope, or whether threat actors exfiltrated sensitive information. The government’s public statements focused exclusively on service restoration and ransom non-payment without disclosing attack attribution or long-term mitigation strategies. Financial operations resumed without further publicized interruptions following the recovery efforts.
