HomeTeamNS hit by ransomware attack on Feb 25

Singapore’s non-profit organisation, HomeTeamNS, on Monday, reported that access to some of their servers was affected by a ransomware attack on February 25. 

It added that the affected servers were immediately disabled and isolated from the IT network.   
 

The servers contained some data of the organisation’s employees and ex-employees, and the vehicle details of some members and affiliate members.  

Currently, there was no evidence of data extraction from the servers and that the situation was being monitored closely, a statement by the organisation said. 

HomeTeamNS was set up to recognise the contributions of national service men (NSmen) from Singapore Police Force (SPF) and Singapore Civil Defence Force (SCDF).  

With a membership base of over 260,000 NSmen, the organisation runs four clubhouses and organises various social activities. 

HomeTeamNS added that it engaged third-party cybersecurity experts to investigate and remediate the incident, and that they were also working with the police and the Cyber Security Agency of Singapore (CSA) to investigate and remediate this incident.  

The passwords of all the administrative accounts have been changed, and security scans and firewalls have been further enhanced to strengthen our network security, the statement said. 

To subscribe to the GovInsider bulletin click here. 

Those who have been affected by the cyberattack have been contacted, said HomeTeamNS, and they were getting help in protecting themselves from phishing or unauthorised transactions and to minimise the impact from the incident. 

Persistent form of cyberattack 

Ransomware attacks, in which malicious actors breach a server and encrypt files and then demand money (ransom) in exchange for unlocking the files, is one of the most common and persistent forms of cyberattacks globally. 

However, better law enforcement has made a dent on the attacks. According to data from the US Cyber Threat Intelligence Integration Center (CTIIC), international law enforcement operations slowed the year-to-year rate of increase in reported ransomware attacks in 2024 to just 15 percent, compared with a 77-percent annual increase in 2023.  

The report, however, mentioned that in the second half of 2024, the emergence of new and rebranded ransomware variants overlapped with an uptick in attacks, underscoring the resilience of the ransomware threat. 

In May last year, Singapore law firm Shook Lin & Bok said it engaged a cybersecurity team after it was hit by a ransomware attack in April. The incident was reported to the police, the CSA and the Personal Data Protection Commission Singapore. 

In a recent interview with GovInsider, the Director of CTIIC, for the for National Intelligence in the US, Laura Galante, had noted that many ransomware attacks exploit known vulnerabilities and poor security practices, such as the use of default passwords, highlighting the need for better cyber-hygiene.  

An example of this was the ransomware attack on Indonesia’s Temporary National Data Centre (PDN)-2, in June 2024, which paralysed many government services in the country and was later traced to password negligence.   

In the Singapore context as the CSA noted, organisations most affected comprised small and medium-sized enterprises (SMEs) in the manufacturing and retail sectors.  

These figures, however, are not likely to represent the full extent of the ransomware threat as not every victim will report an attack, CSA said.