By Political Desk
Nukuʻalofa — A ransomware attack that disrupted systems at Tonga’s Ministry of Health last year has now been formally attributed to an affiliate of a major international cybercrime group, in a joint move by Australia, New Zealand and Tonga.
After months of investigation, authorities from the three countries say the June 2025 attack was carried out by Roman Khubov, an affiliate of the ransomware group known as INC Ransom, which has been linked to cyber attacks across Australia and New Zealand.
The group is accused of targeting organisations in ways that threaten essential services and livelihoods.
The findings have been released through a joint cyber security advisory that will also be distributed across the Pacific region to help organisations strengthen their defences against similar attacks.
Health Systems Targeted
The cyber attack targeted Tonga’s Ministry of Health, highlighting the growing vulnerability of critical government services to ransomware operations.
Health systems are frequent targets for cyber criminals because they store sensitive personal data and rely heavily on digital infrastructure.
Authorities say the attack involved malicious digital infrastructure used to steal data from the ministry’s systems.
Investigators say the infrastructure used during the attack was controlled by Khubov, according to the joint advisory issued by the three governments.
Regional Cyber Response
Officials say Tonga worked closely with Australia to respond to the attack under the Cyber Rapid Assistance for Pacific Incidents and Disasters (RAPID) program.
The initiative allowed cyber specialists to help contain the attack and restore affected systems so healthcare services could continue operating.
The advisory released this week also provides guidance for organisations on how to better protect sensitive data and computer networks from ransomware groups.
Media organisations across the region have been encouraged to help circulate the information to strengthen cyber awareness.