A serious cybersecurity incident has recently shaken Thailand's public sector. Devman, a ransomware group, recently hacked the Thai Ministry of Labour’s website, stealing over 300 GB of sensitive data and causing an estimated $15 million in damage, according to reports from the Extreme IT page.
Who is Devman?
Devman is a ransomware group known for encrypting victims' files using unique extensions like .yAGRTb or .DEVMAN. After compromising systems, they demand a ransom in exchange for decryption.
Scope of the Breach
According to a message that previously appeared on the "/devman" page of the Ministry of Labour’s website (which is now no longer accessible), the Devman group claimed the following:
- Hackers stole over 300 GB of data
- ~2,000 staff laptops were encrypted
- Windows and Linux servers were compromised
- Active Directory was completely wiped
- Tape backups were destroyed
- Classified documents and foreign visitor data were leaked
Hackers were able to infiltrate the system while the main website remained fully operational, demonstrating the sophistication of the attack. However, the specific page "/devman", which had displayed the group’s message, has since been taken down.
What This Means for Organizations
This incident serves as a wake-up call for both public and private sectors. It underscores the need for:
- Deploy ransomware protection with behavior-based detection
- Back up data separately in systems that are not connected to the main network
- Regularly update operating systems and security patches
- Train employees to recognize and respond to modern cyber threats
Cyber Alert: A Case to Watch
The recent cyberattack on the Ministry of Labour’s website marks a major incident that directly impacts a Thai government agency and has sparked widespread discussion online. It has raised serious concerns about the cybersecurity posture of government institutions and the potential exposure of sensitive personal data belonging to Thai citizens.
This incident serves as a crucial reminder that cyber threats are no longer distant risks. It is now essential for all sectors—government, private organizations, and individuals alike—to step up their defenses and prepare for increasingly sophisticated cyberattacks.