PHILIPSBURG–The Prosecutor’s Office OM SXM and St. Maarten Police Force KPSM have not been able to effectively investigate the BlackByte ransomware attack on St. Maarten’s sole utility company GEBE, “due to NV GEBE’s non-cooperative attitude.” This is evident from a press release sent out by KPSM on the limited results of the “Freya” investigation.
A cyber-attack on GEBE was discovered on March 17, 2022. A message in the computer system indicated that the company had been hacked by “BlackByte”, an organisation that focuses on stealing and encrypting data, mainly from companies (ransomware). As a result of the hack, the entire customer database, financial data and other business data were encrypted.
During their investigation, OM SXM and KPSM were unable to establish sufficiently what the actual danger to St. Maarten has been due to the hack. “Due to NV GEBE’s non-cooperative attitude, there had been no access to the hacked computer system at any time,” the investigators stated. “Therefore, the “Freya” investigation could not establish what were the exact risks for the country and clients of GEBE; who was behind the attack; and the dangers for the future.”
OM SXM and KPSM have closed the “Freya” investigation and delivered their report on the ransomware attack, “Bestuurlijke rapportage ransomwareaanval”, to the Government of St. Maarten, the shareholder of this public-owned entity.
The report includes interviews with GEBE staff members and other relevant information from the Kingdom Detective Cooperation Team RST.
Ransomware attacks can happen to any organisation, but they are becoming more frequent in the energy and utilities sector. According to United States technology watchdog NextGov.com, between 2018 and 2020 10% of ransomware attacks that occurred on industrial and related entities targeted electric utilities. Further, cyber attackers took advantage of the chaos caused by the COVID-19 pandemic to ramp up attacks.
Ransomware or hostage software is the most lucrative form of cybercrime worldwide. The ransoms demanded regularly run into millions of dollars. The extortion of organisations earns criminal groups hundreds of millions of dollars.
The investigation by OM SXM and KPSM centred on the security risks that have occurred at GEBE as a result of the March 17 incident. “St. Maarten’s vital infrastructure is the foundation of society,” the criminal investigators stated. “The interconnectivity, small scale and dependence on country’s infrastructure mean that the failure of vital infrastructure such as the only energy company has an immediate social impact.”
The “Freya” investigation report was intended to enable the government and its related entities to take appropriate measures.
In an invited comment, Prime Minister Silveria Jacobs said she could not comment because she was not yet familiar with the conclusions of the investigating entities. “I have to see it before I can comment,” Jacobs said.
The Daily Herald received no reply after sending Jacobs the press release from KPSM and OM SXM. Minister of Justice Anna Richardson could not be reached for comment. Minister of Finance Ardwell Irion referred to Prime Minister Jacobs and Minister of Public Housing, Environment, Spatial Planning, and Infrastructure VROMI Egbert Doran. Efforts to reach Minister Doran, responsible for NV GEBE, proved futile.
During the Council of Minister’s press briefing on June 1, Doran (National Alliance) was asked whether the Prosecutor’s Office, in meeting with the minister, had explained the status of the hack and some of the measures needed to be taken, and whether measures would be taken against anyone at GEBE. Doran responded that he had not had a single meeting with the Prosecutor’s Office.
“I don’t have any update with regard to criminal or potential criminal charges,” said Doran. “That was never even brought to my attention. Ever. I just heard it several times while you enquired about it, but that hasn’t been brought to us in any sort of fashion. Not in writing, not verbally, or anything.”
During the June 10 public meeting of Parliament, Minister Doran verbally answered questions submitted by Member of Parliament (MP) Melissa Gumbs, representing Party for Progress. One of several questions about the functioning of NV GEBE since the March 17 ransomware attack concerned an in-depth audit regarding GEBE’s information and communication technology (ICT) and IT network infrastructure and department.
“If an audit was conducted, which were the critical points of attention identified and how will GEBE address them. If no, why not? And is planning on the way to conduct such an audit?”
Doran answered that no in-depth audits had been conducted over GEBE’s IT infrastructure network. The company’s internal audit department over the past year submitted its internal audit plans in which the ICT department was subject to be audited.
However, “The internal audit department does not have the capability to audit said processes, as the department does not have an EDP IT auditor,” Doran said. “As a result, the IT audit will have to be outsourced. The necessary preparation was made; however, approval remained pending.”
As a Member of Parliament, Sarah Wescot-Williams (Democratic Party) expects the government to address the non-cooperation with the Freya investigation urgently.
“It behoves Parliament to call on the government to come clean and clear on this matter,” she said. “It is mind-boggling that this matter was allowed to reach to the point of the report being delivered by the OM/KPSM with an important part missing due to the alleged lack of cooperation from the company itself. And I say ‘allowed to reach’ because it is impossible that this matter did not reach the shareholder of GEBE before the report was issued.”
MP Ludmila de Weever (United People’s Party), a former financial auditor and former business analysis advisor at NV GEBE, said, “Being non-cooperative is the last thing a government-owned company wants to be, especially when it is government that ultimately is responsible.”
President of Parliament and UP faction leader Grisha Heyliger-Marten supports De Weever’s view, who further stated: “The people deserve honest answers to the issues plaguing GEBE and security that they will have uninterrupted power supply. In addition, the employees need an environment where they will thrive and provide the best service to their country.”
Wescot-Williams said she can only assume that the investigation was launched with the knowledge of the “owner” of the company, the government of St. Maarten, which should have ensured that the people of St. Maarten received good insight into this attack on a government company.
“It’s unfortunate that we could not make use of the expertise which the OM/KPSM would have had to employ to thoroughly investigate this cybercrime, due to lack of cooperation from the company,” Wescot said.
“The parliament and people of St. Maarten are left with many unanswered questions regarding this ransomware attack on our utility company and regarding cyber-attacks on vital institutions and the St. Maarten government itself. We are nowhere closer to knowing how resilient we are in the face of cybercrime that is becoming more sophisticated and daring.”
Independent MP Christopher Emmanuel said he is not quite sure what the prosecutor means by a non-cooperative attitude. He said he cannot comment on it at this point in time. However, it does, once again, call for transparency at all of the government-owned companies.
Party for Progress MP Melissa Gumbs said her faction is trying to gather more information regarding the investigation prior to issuing a statement.
MP George Pantophlet (National Alliance) could not be reached for comment.
Source: The Daily Herald https://www.thedailyherald.sx/islands/gebe-non-cooperative-with-prosecutor-in-ransomware-cyberattack-investigation
Now even the justice apparatus concludes that directors and management of GEBE are criminals.
Unfortunately the politicians are not yet convinced. The eat from the bribes.
Everybody on our island knows that the complete top of the company should be sacked and set in prison.
But, no, let’s wait till the next ransom event…