Bermuda recently became the latest victim of a cyberattack with ties to Russian threat actors. The breach was discovered in the island nation’s public infrastructure on the night of September 20, 2023. The attack, which began on the night of September 20, 2023, has severely impacted Bermuda’s public infrastructure, with recovery efforts expected to extend for several weeks.

A formal statement was released on September 21, 2023, followed by a press appearance by Bermuda’s Premier, Mr. E. David Burt, on September 25, 2023. In his statement, Mr. Burt attributed the attack to hackers based in Russia.

While official details remain scarce regarding the extent of the impact, reports indicate that multiple government departments were affected. The recovery process is ongoing, with progress made in restoring payroll and critical infrastructure. However, a complete recovery is expected to take several weeks.

Premier Burt cited national security concerns for not disclosing attribution information, revealing that neighboring countries also faced attacks.

An ongoing investigation is examining whether critical information was stolen in the breach.

Forthcoming Disclosure

Though it’s too early to confirm, the attack appears to follow a pattern of significant ransomware incidents perpetrated by Russia-based threat actors against neighboring countries over the past two years. Rick Mello, Chief Information Security Officer (CISO) of Sentinel Cybersecurity, commented that “All signs point to [a] ransomware attack,” based on the government’s response and recovery timeline.

These developments come as Bermuda prepares for the implementation of the Personal Information Protection Act in 2025, which will mandate the explicit reporting of cybersecurity events affecting citizens’ private information. It will also encourage greater collaboration between public and private entities and cross-border cooperation if deemed necessary.

Bermuda joins the list of Atlantic island nations targeted by cyberattacks linked to Russian threat actors. Mr. Burt has indicated that other Atlantic regions were affected but did not specify which ones.

While Bermuda’s government has yet to provide comprehensive details, expert opinion suggests a ransomware attack is the likely culprit. If confirmed, Bermuda would join the ranks of Haiti, the Dominican Republic, and Costa Rica as victims of such attacks, reflecting a broader trend of Russian threat actors targeting developing nations. These regions are increasingly considering regional “cyber-cooperation” as a solution to counter these threats.

Transparency has been limited in the name of national security, a stance set to change in 2025 with the introduction of Bermuda’s Personal Information Protection Act. The move toward increased transparency and information sharing aligns with recommendations from Bermuda’s Privacy Commissioner, Alexander White, and experts in the Caribbean and Latin American cybersecurity communities. These measures aim to bolster resilience in developing regions of the Western Hemisphere, where Russian ransomware groups like Conti and Cl0p have wreaked havoc since 2020.

The need for regional cooperation, especially among nations with smaller economies, arises from the fear of catastrophic scenarios like the 2017 Petya and NotPetya ransomware attacks.