PHILIPSBURG–-Prime Minister Silveria Jacobs stated on Thursday in Parliament that NV GEBE is “legally not permitted at this time” to divulge any information regarding the case filed against the company that investigated the March 17, 2022, cyber-attack on GEBE.
The civil docket hearing of Tuesday March 21 of the Court of First Instance mentions under case number SXM202300051 a law suit of NV Gemeenschappelijk Elektriciteitsbedrijf Bovenwindse Eilanden GEBE against Aurora InfoTech LLC. The case is in the preliminary stage.
Aurora InfoTech concluded in its Cyber Threat Intelligence and Incidence Response Report on the attack on NV GEBE that the March 17 BlackByte Ransomware Attack on NV GEBE successfully infiltrated, propagated and impacted the utility company’s IT network due to its “lax security posture at the time”.
The report was presented to the management and board of NV Gebe on June 14, three months after the ransomware attack. The investigators noted that there was limited monitoring and management of the IT environment for security related incidents. Little to no patch management was taking place, and there were limited security protections on servers, endpoints, or the Fortinet firewalls, whose FortiGuard Security Subscriptions had expired. “That, combined with the organization’s limited resources with cybersecurity knowledge, contributed to a scenario ripe for exploitation by BlackByte and other cybercriminal entities.”
Roy Richardson of Aurora InfoTech warned GEBE management to be extra vigilant in protecting its information technology systems, data, and digital assets, pointing out that it may be faced with repeat attacks: 80% of impacted organizations are likely to experience repeat cyberattacks, statistics show.
The cyberthreat landscape is everchanging and NV Gebe’s security posture must keep pace by continuously adapting, Richardson concluded.
Richardson and his legal representatives have not responded to questions from The Daily Herald about the aanklacht brought against Aurora InfoTech.