Organisations received ransom demands .
Global media reports Thai hospitals and businesses have been hit by hackers. According to Reuters “Government hospitals and companies were hacked in the same manner as Saraburi Hospital,” Major General Phanthana Nutchanart, said, referring to a cyberattack earlier this month.
The Business Times reported some organisations received ransom demands have “already paid to retrieve data, in sums not exceeding one million baht (S$43,689).
It’s thought the “hackers attacked organisations with a “ransomware” code, which locks up the files on a computer and encrypts them, blocking access until the ransom is paid, usually in cryptocurrency such as bitcoin”. Which was like the WannaCry ransomware attack that disrupted global hospitals and businesses.
In July 2019 Thailand’s cybersecurity Act of 2019 has come into full effect (published in the Royal Thai Gazette on 24th May 2019).
The Act allows the Thai government to track, monitor, and access digital data if it deems that ‘cyber threats’ are damaging to the critical digital infrastructure of the Kingdom.
Private organizations that use or provide computer systems for key areas including national security, financial services, and services targeted towards the public, were obligated Under the Act to:
- Provide the names and contact details of key stakeholders who own, use, or possess computer systems
- Conform to code of conduct and cybersecurity standards as prescribed by law
- Conduct thorough risk assessment
- Notify instances of cyber threats to stakeholders
If a cyber threat occurs, organisations dealing with information infrastructure must investigate the affected data, check the systems that have been threatened, and mitigate the risks involved.
Private organisations that are not party of “key” infrastructure are also required to fulfill a set of obligations stipulated by the Act, including:
- Giving access to relevant data, computer systems, or other information in the event of a cyber threat
- Monitoring computers and computer systems
- Permitting authorities to test or cease the operation of computers and other equipment
