Ransomware attacks on government information systems increase

Sensitive details such as citizenship, passport, photos, phone numbers, emails, and addresses of service recipients were stolen from the information systems of several banks and other organizations, along with government agencies, and put up for sale on the 'dark web'.

Baishak 11, 2083

Sajana Baral

Recently, the Finance Ministry in Singha Durbar faced a serious cyber security challenge. A foreign hacker called the ministry's landline and threatened to make all the details public if the money was not paid.

'It was not a question of paying the hacker, we immediately sought the help of the National Cyber Security Center,' said a ministry official. 'The center's engineers re-routed the traffic and made the system secure.'

The official said that the center had transferred the ministry's network and server to an alternative secure server. 'We did not pay any money to the hacker. But we have heard that threats of this kind, claiming that the system has been hacked and that the data will be sold on the dark web if the money is not paid, are also becoming common in other government agencies. This is causing problems in the security of the digital system and the continuity of services.'

In the past year, self-proclaimed hacker groups like Kaju, Ghudra, Midnight Ops Nepal, and Shadow Leak have attacked websites and systems of agencies like Nepal Police, Hello Government, Election Commission, National Identity Card Department, and Nepal Medical Council, and attempted to steal and sell data. Sensitive details like citizenship, passport, photo, phone number, email, and address of service recipients were stolen from the information systems of government agencies and some banks and other organizations and put up for sale on the ‘dark web.’

Last year, a hacker group named ‘Kaju’ claimed to have access to the main server and database of Nepal Police and announced that it had stolen data of more than two million Nepalis. The hackers demanded a ransom from the police in exchange for returning the data or not making it public. When the demand was not met, they put all of that data up for sale on dark web platforms like ‘Bridge Forum’ for 7,000 US dollars.

A study conducted by the Ministry of Finance in Falgun to address technical problems and cybersecurity risks in the government financial system has revealed serious weaknesses in government systems. The ‘Systemic Reform Suggestion Committee Related to Public Finance Management in the Ministry of Finance and its Subordinate Bodies’ has prepared a report on this subject. According to it, some of the information technology equipment and security mechanisms used in the ministry and its subordinate bodies have reached the ‘end of support’ or ‘end of life’ stage, posing a risk to the continuity and security of services. 

The report points out that the government information technology system is ‘vulnerable’ due to excessive dependence on external service providers in software and system development, use of proprietary software, and lack of ownership of ‘source code’. ‘Timely renewal of licenses of cyber security systems including firewalls for data storage and protection of stored data, regular maintenance of equipment, and system health checks have not been observed,’ the report says. ‘This has created a risk to the security, stability, and reliability of service delivery of information systems.’ 

Government information systems are subject to cyber attacks from time to time, and this has also created a situation where the regular operation of those systems is disrupted, the report states. The report considers the excessive dependence on external service providers, i.e. vendors or consultancies, for the development, operation, maintenance and upgrading of information technology systems in the Ministry of Finance and its subordinate bodies as a challenge.

‘There is a lack of specialized human resources in areas such as network administration, database management, and cyber security in government organizations,’ the report says. ‘Proprietary software systems are purchased in government organizations with the help of development partners. Since these systems are purchased without source code, there is a situation where they have to depend on vendors for modification, upgrade and troubleshooting.’

With cyber security challenges increasing for these reasons, and in view of the risks seen in bodies such as the Ministry of Finance, the National Cyber Security Center has issued a ‘Special Advisory to Prevent Ransomware Attacks’ this week. It provides information about the nature of the malicious software, its impact, how the attacks are carried out, and ways to avoid them.

‘In recent days, incidents of ransomware attacks on information technology systems have been increasing significantly,’ the advisory states. ‘The advisory has been issued with the aim of making the general public aware of the possible damage caused by such attacks.’

The advisory was made public in accordance with the plan to issue advisories quarterly under the budget program for the current fiscal year, said Rajkumar Maharjan, spokesperson for the Cyber Security Center. However, he noted that ransomware incidents are affecting government agencies, private organizations, and the general public.

‘Hackers have also been sending malware links to ordinary people, hacking their social networks and demanding money,’ said Maharjan, spokesperson for the center. ‘Such attacks not only disrupt important data and institutional services, but also can seriously affect privacy by stealing sensitive information.’

Maharjan said that this risks causing financial losses to users, as well as great mental stress and disrupting the daily operations of offices. ‘Such attacks are usually caused by suspicious attachments in emails, links on social media, and pirated software downloaded from unsafe sources,’ he said. ‘If the operating system and other software used are not regularly updated, and if appropriate security systems such as antivirus are not used, one can become a target of ransomware.’

The advisory recommends not opening links and files from unknown sources, downloading software only from official stores or websites, and regularly backing up data offline or in the cloud. Spokesperson Maharjan said that paying the ransom demanded by the attackers does not guarantee that the data will be returned.

Instead, he said, it will further encourage hackers and increase the risk of future attacks. Maharjan said that the center is ready to conduct cyber hygiene programs and increase technical assistance in the coming days to prevent such incidents.
