Financial Crime World

Financial Crime and Cybersecurity Risks Plague U.S. Virgin Islands Government Offices

A Tale of Two Incidents: Ransomware and BEC Attacks

The United States Virgin Islands government has faced a significant setback in its efforts to protect sensitive information and prevent financial losses due to two separate cyberattacks. The first attack, a ransomware incident targeting the U.S. Virgin Islands Police Department (VIPD), occurred in April 2019. The second attack, a business email compromise (BEC) incident affecting the Water and Power Authority (WAPA), took place in May and June 2018.

VIPD Ransomware Attack

The VIPD ransomware attack resulted in the encryption of internal affairs records and citizen complaints, rendering critical public service software inaccessible for several weeks. Despite the attack, no sensitive information was stolen, and the department has chosen not to pay the demanded ransom. The FBI is now assisting with efforts to decrypt the corrupted files.

WAPA BEC Attack

In a separate incident, WAPA lost $2.3 million due to a BEC attack. The authority was tricked into wiring payment for fake invoices that appeared to be from a legitimate vendor. To prevent similar incidents in the future, WAPA has implemented cybersecurity training for employees focused on identifying phishing emails.

Growing Concern: Ransomware Attacks on State and Local Governments

The incidents in the U.S. Virgin Islands are part of a growing trend of ransomware attacks targeting state and local governments across the United States. As of May 2019, there have been at least 22 reported ransomware attacks against public sector organizations.

Best Practices for Prevention

To prevent such attacks, experts recommend following best practices, including:

  • Implementing the “3-2-1 rule” for data backups
  • Training employees to spot email threats
  • Limiting access to administrative tools and files

Cybersecurity Solutions for Detection and Blocking

Trend Micro, a leading cybersecurity solutions provider, offers a range of products designed to detect and block ransomware. These solutions use machine learning and other advanced technologies to identify and mitigate the risks posed by ransomware and phishing attacks.

  • Smart Protection Suites
  • Deep Discovery Inspector
  • Deep Security solution

Conclusion

The recent incidents in the U.S. Virgin Islands serve as a stark reminder of the importance of cybersecurity and the need for governments and organizations to prioritize data protection and incident response planning. By implementing robust security measures and staying informed about emerging threats, we can better protect ourselves against financial crime and cybersecurity risks.