EXCLUSIVE: Was GEBE Hack Preventable? | RALPH CANTAVE

** Exclusively on SXM Talks, articles by Ralph Cantave **
~ Sources: “GEBE’s IT department has not been audited for several years” ~
PHILIPSBURG – The public of St. Maarten remains in the dark due to a lack of information from the management of NV GEBE and the government about the ransomware that compromised the company’s data and system on Thursday, March 17.
To date, the only update the public has received was that the main office and branch office remain closed until further notice. The public was also notified not to open any email or attachment from the company. NV GEBE was hit by a software virus, ‘BlackByte’, that also hit several companies locally and abroad. However, it appears that the drastic impact may have been avoidable. The former head of NV GEBE’s IT department, Merril ‘Jimmy’ Temmer, who is currently the temporary manager and the government’s appointed Chief Operating Officer, opted not to make any comment.
GEBE’s Temporary Manager and former GEBE Head of IT: Merril ‘Jimmy’ Temmer
In a call for invited comment he stated, “My focus right now is to get GEBE back online at this point in time I’m not divulging any information.” The Minister of VROMI, Jurendy Doran, also stated that he would rather not make a comment when questioned during the Council of Ministers press briefing. According to Temmer’s LinkedIn profile, he’s been in GEBE’s ICT department since 1990 and served as ICT manager since 2013. Temmer also served as an ICT consultant for Innovative Consultants Group from 2007 to 2018 where his work included ICT due diligence, system administration support and disaster recovery consultancy.
While management and government opted to remain silent, reliable sources were willing to shed light on the situation which one deemed as “beyond sad.” They allege that the company’s IT department was not audited for several years. IT audits examine and evaluate an organization’s IT infrastructure, data use and management, applications, procedures or policies and operational processes. These audits would lead to recommendations for adjustments in the company’s vulnerability and updated training for staff.
Warnings about BlackByte were given in February 2022 by the United States Cybersecurity and Infrastructure Security Agency, which published an advisory indicating BlackByte “encrypts files on compromised Windows host systems, including physical and virtual servers.” This virus is also one that can be purchased online.
In addition to not being audited, the sources stated that the external backup was connected to the main server, which led to the company’s data being irretrievable. This includes payroll, client information, commercial and finance, distribution and many key components of NV GEBE’s administration and services. Presently, GEBE uses an outdated SAP system that the company that provides it no longer carries. It is unclear how this will affect operations in the long term and the financial cost of adopting a new system.
The company is unable to initiate purchase orders or install meter connections, and workers are left with little to no work. Despite the hack, NV GEBE requested all employees to report to work. One source stated that the ransomware started affecting the company when workers came in to work on the 17th. However, requests were made prior to BlackByte to upgrade the company’s system. Employees of the company using Microsoft noted requests for upgrades and inquired about when it would take place. Their request was prolonged and they were told to wait. A patch was launched last year by Microsoft for persons/entities to download or update. Patches are corrections to fix or protect against malicious software.
Sources also confirmed that access to malicious and inappropriate sites, which is usually blocked as an industry standard for corporations, is open. These sites leave room for malware, and the restrictions are put in place for employee and company protection. One source expressed that the current virus scanner’s firewall may have been weak. A full briefing was not shared with staff besides a “vague memo” telling workers to use the time for filing and organizing their desks.
Several claims remain to be verified; however, the brief Facebook updates posted by NV GEBE do not give any insight into the ongoing disruption. Several questions posed in the press briefing, such as whether the company had cybersecurity insurance or external backups, remain unanswered.
The financial impact and accountability for possible IT compromises also remain unknown. Among these concerns are whether business interruption insurance covers cyber attacks and what the company’s contingency plan for cyber attacks is following IT audits.
This is a developing story.

By Ralph Cantave

1 COMMENT

  1. Ransomware is a virus that encrypts an entire system, it does not delete or destroy it, it simply leaves a BlackByte_restoremyfiles.hta note, where the payment instructions are. The criminal figure is the closest thing to an extortion, since the key to decrypt it has a very high price, this is what these criminal organizations feed on. These hackers work in teams, and sometimes they work for countries, just like the former privateers, they have immunity in the host countries. The solution is difficult, you have to pay the ransom, otherwise the data will be lost. The FBI has revealed that the BlackByte ransomware group has accessed the network of at least three organizations belonging to critical infrastructure sectors in the United States in the last three months. I am very sorry, it will be necessary to create an adequate backup system in the future, I suggest using the dry network method, in order to avoid the entry of computer intruders.
