Cyber Incident Victim: Fiji Government

On April 12, 2021, disruptions to Fiji’s government online services were first reported via FijiVillage’s Facebook page, specifically noting outages affecting GovNet sites and the COVID-19 vaccination registration portal. Two days later, on April 14, Attorney-General and Minister for Communications Aiyaz Sayed-Khaiyum publicly confirmed a cyber attack had caused the service interruptions, including impacts to GovNet and other government networks. The government implemented precautionary measures to protect network integrity, leading to temporary disruptions across its digital infrastructure. Sayed-Khaiyum emphasized Fiji’s adherence to international cybersecurity standards, asserting this framework enabled an effective response to mitigate the incident’s impact. Initial reports did not specify the duration of the outages or the full scope of affected systems beyond the vaccination portal and GovNet.

The ransomware group Sodinokibi (REvil) subsequently claimed responsibility for the attack, listing Fiji GovNet on its dedicated leak site and threatening to publish stolen data unless contacted. The group posted screenshots of directories and files allegedly exfiltrated from government servers, though the exact nature and sensitivity of these documents were not disclosed in available reports. By the time of Sodinokibi’s announcement, the COVID-19 vaccination registration site appeared operational again, though official confirmation of full service restoration was not provided. The government did not publicly address whether negotiations occurred with the threat actors or if data was ultimately leaked. Incident reporting highlighted the disruption’s timing during a critical public health initiative but did not quantify operational or financial consequences beyond the temporary network shutdowns and reputational risks posed by the data theft claims.