Page:Ransomware Attack on the Servers of The Hong Kong Institute of Bankers.pdf/3

 In August 2019, the Government Computer Emergency Response Team Hong Kong issued a high threat security alert on the Vulnerability, advising organisations to patch any affected systems immediately. If no patch could be deployed immediately, users should disable SSL VPN until the vulnerable systems have been patched. Subsequently, in December 2020, the Hong Kong Computer Emergency Response Team Coordination Centre also reminded the corresponding local network providers and organisations to take appropriate remedial measures against the Vulnerability as soon as possible .

In January 2021, HKIB implemented work-from-home arrangements in response to the local outbreak of COVID-19 pandemic, and activated the SSL VPN of the Firewall to allow some of its employees to remotely access the systems during the work-from-home period. However, the Vulnerability remained unpatched before the Incident.

On the morning of 30 December 2021, frontline staff of HKIB discovered that the Servers could not be accessed as usual. After being notified, the Information Technology (IT) Department discovered that the files in the Servers had been maliciously encrypted by ransomware. After preliminary investigation, it was believed that the Servers suffered from cyberattack. It was subsequently found that in addition to the Servers, computers and backup data of HKIB were also encrypted by ransomware.

Affected Personal Data

HKIB estimated that personal data of over 13,000 members and about 100,000 non-members were affected in the Incident. Apart from names, contact information, names of employers and job titles, some individuals' 