Kuwait isolates some government systems following attack on its Finance Ministry

The government of Kuwait is in the process of recovering from a ransomware attack that affected its Ministry of Finance.

The ransomware attack began on September 18 and government officials immediately tried to separate and shut off affected systems.

Officials sought to preempt concerns that workers would not be paid, reiterating that payment and payroll systems were on a separate network.

In an update on Monday, the Ministry of Finance said the country’s National Cyber Center has been working around the clock to address the issue and has brought in help from cybersecurity companies as well as other unnamed governments.

“Since the first day of the cyberattack, we have been isolating the systems of the Ministry of Finance from the rest of the systems of government agencies, and the ministry formed a technical team consisting of several entities, including the National Center Cyber, with the help of a specialized and reliable international company,” the government said.

“The Ministry of Finance confirms that all data on workers’ salaries in government bodies are stored in the Ministry’s systems, and financial transactions are recorded. All government agencies are continuing and operating normally.”

On Monday morning, the Rhysida ransomware gang added the ministry to its list of victims, giving the government seven days to pay an undisclosed ransom.

The gang recently drew headlines in the U.S. for its devastating attack on Prospect Medical Holdings – which operates 16 hospitals in several states and was forced to redirect ambulances as a result of the incident.

The group has made a point of going after governments, recently targeting systems in Chile and Martinique.

Kuwait, a country of more than 4 million nestled along the Persian Gulf in between Iraq and Saudi Arabia, is just the latest government to deal with a ransomware attack.

Last week, the governments of Colombia and Bermuda announced ransomware attacks that affected services and limited operations.

The attacks come the same week as the U.S. National Security Council urged the governments of multiple countries to pledge never to pay ransomware hackers.

Last year, several Ikea outlets in Kuwait were targeted by the Vice Society ransomware gang – which researchers believe may have ties to Rhysida.

Jonathan Greig

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.