HomeTeamNS hit by ransomware attack
And why it has engaged external cybersecurity experts to investigate.

HomeTeamNS was hit by a ransomware attack. What does it mean, and why has it engaged external cybersecurity experts to investigate?
Some servers belonging to HomeTeamNS were affected by a ransomware attack on 25 Feb, which is currently being investigated by third-party cybersecurity experts.
Ransom-what?
Ransomware is computer malware that surreptitiously encrypts files on an infected server. It then demands a ransom in exchange for unlocking the data.
Ransomware isn't new. But it has proved to be a challenging scourge to eradicate. And with growing digitalisation, its impact keeps growing.
Last year, Indonesia's Temporary National Data Centre (PDN) was compromised by a hacking group which infected it with ransomware, paralysing multiple agencies.
Ransomware evolution
Some might argue that with adequate backups, ransomware would not be a problem. But it isn't that simple.
As I wrote last year, cybercriminals can extort a stolen set of data up to 3 times:
- Original extortion. Pay or your data is toast.
- Double extortion. Pay or we'll publish it online.
- Ransomware 3.0. Go after individual victims to threaten the privacy of their data.
In this case, the servers are understood to contain data of employees and ex-employees, as well as vehicle details of some members and affiliate members.
So, not too bad.
A thorough investigation
Of course, it doesn't answer the question about how the ransomware got in.
That's what the external cybersecurity experts are there for. To determine how the hackers snuck in, close those holes, and fix all the systems they compromised ("remediation").
Moreover, some hackers are known to plant backdoors or additional malware on compromised servers that can be activated months or years later.
What the external investigators can do will depend heavily on the cybersecurity solutions and log files in place - as well as the skill of the hackers in hiding their tracks.
A forensic reconstruction will determine:
- Entry point.
- Attack timeline.
- Lateral movement.
- Persistence mechanism.
- Evidence of data exfiltration.
However, all of this will take time.
While it might be better to keep quiet until investigations are concluded, this must be balanced against notifying potential victims whose data might be exposed.
Hence the disclosure today.