Cyber Incident Victim: ANSA McAL
Date: Oct 2020
Location: Trinidad and Tobago
Summary
ANSA McAL, the Caribbean's largest conglomerate, suffered a REvil ransomware attack that disrupted operations at its Tatil insurance subsidiary, halting work for approximately two weeks as IT teams worked to remove the malware. The attackers exfiltrated and publicly leaked sensitive data, including numerous file screenshots and nearly 13 GB of compressed company files, significantly impacting the organization's systems and data integrity.
Description
In October 2020, ANSA McAL, the Caribbean’s largest conglomerate, experienced a significant ransomware attack attributed to the REvil cybercriminal group. The incident disrupted operations at Tatil, ANSA McAL’s insurance subsidiary and Trinidad and Tobago’s largest insurer, effectively stalling work for approximately two weeks as the company’s IT department worked to identify and remove the ransomware from its servers. The attack involved REvil operators encrypting portions of the conglomerate’s IT systems and holding them hostage, though specific compromised systems or departments beyond Tatil were not detailed in available reports. The operational paralysis at Tatil highlighted the attack’s immediate impact on critical business functions. Public confirmation of the incident emerged on October 21, 2020, when REvil operators escalated their campaign by leaking stolen data.

The attackers exfiltrated and publicly dumped a substantial volume of ANSA McAL’s data, including over a dozen screenshots of internal files and an archive containing nearly 13 gigabytes of compressed company data. This data release, confirmed by cybersecurity researchers and journalists, demonstrated the breach’s scope beyond system encryption to include confirmed data theft. While the precise content of the leaked files was not itemized in available sources, the volume and inclusion of file screenshots suggested exposure of operational, financial, or proprietary information. The IT response focused on expelling the ransomware and restoring systems, though no public details were provided regarding ransom negotiations, payment, or broader recovery timelines across ANSA McAL’s diversified business units. The incident underscored REvil’s continued targeting of large regional enterprises, leveraging both system disruption and data exposure to maximize pressure on victims.
