Ransomware surge grips Caribbean in 2025

GREAT BAY--A wave of ransomware attacks has swept across the Caribbean in 2025, disrupting universities, real estate firms, resort systems, and even tax authorities. The scale and speed of these cyber incursions mark a disturbing escalation in digital threats to the region, which is increasingly viewed by international hacker groups as an easy and profitable target.

The most alarming known incident so far this year took place in Curaçao, where the country's Tax Department was hit by a ransomware attack that forced parts of its operations offline for several weeks. The attack was confirmed by local authorities in early March and was attributed to the FOG ransomware group, a collective that has grown more aggressive in its targeting of Caribbean institutions. According to cybersecurity sources, confidential financial records may have been exfiltrated, though government officials have remained tight-lipped about the exact scope of the breach. What is known is that electronic tax filing was suspended temporarily and internal systems had to be restored from backups. The Curaçao case marked one of the first confirmed government ransomware breaches of 2025 in the Dutch Caribbean.

Shortly afterward, on February 2, systems at the University of The Bahamas were brought to a standstill by a sophisticated ransomware attack. The university’s website, email services, phone lines, and class portals were all disabled. Students were unable to access their assignments or online classes, and kiosks on campus stopped accepting credit cards. Officials said they were uncertain how much personal information had been compromised but admitted that the attackers had managed to breach multiple layers of digital infrastructure. That same month, Turks and Caicos experienced a similar attack, suggesting a coordinated focus on higher education networks in the region.

In Jamaica, Northern Caribbean University in Manchester was also breached in early 2025. The attack paralyzed several of the school’s databases, including those related to student records and financial systems. The same FOG ransomware group is believed to be responsible. FOG, along with another dominant group called Akira, has claimed responsibility for over 90 attacks across the Caribbean and Latin America in just the first quarter of 2025, already surpassing their total for all of 2024.

The private sector has not been spared. In May, Terra Caribbean, a well-known real estate firm operating across several islands including Barbados, St. Lucia, and Grenada, fell victim to an attack by the ransomware collective known as “weyhro.” The group claimed to have stolen sensitive company data and threatened to leak it unless a ransom was paid. Terra Caribbean acknowledged the breach but declined to comment on the ransom demand or on whether client data had been affected.

Tourism infrastructure, a pillar of many island economies, has also come under fire. In March, a resort group in the region using the Otelier booking and property management platform was attacked. The ransomware event caused immediate disruptions at several hotel properties, preventing guests from checking in and disabling internal security systems such as digital key access. While the identity of the attackers was not disclosed, cybersecurity firms monitoring the incident warned that hospitality has become one of the most targeted sectors in the Caribbean this year.

According to data compiled by threat intelligence firms, ransomware attacks in the Caribbean region have risen by more than 25 percent compared to 2024. Experts believe that attackers are increasingly shifting their focus from data encryption to data theft and public exposure, making extortion threats even more potent. Many of the victims, government departments, universities, and mid-sized companies, lack the cybersecurity budgets or skilled personnel needed to detect and prevent such intrusions. There is also growing concern that many more attacks may have occurred than have been publicly disclosed. Due to the sensitive nature of these breaches and fears of reputational damage, companies and institutions often choose not to report incidents, further obscuring the true scale of the crisis.

In light of this alarming trend, the Bureau Telecommunications and Post St. Maarten (BTP) has issued an urgent warning to all businesses and organizations on the island to heighten their cybersecurity vigilance. “Ransomware continues to be one of the most pressing and disruptive cybersecurity threats facing our region,” said Interim Director of BTP, Judianne Labega-Hoeve. “Given the increasing sophistication of these attacks and the significant operational and financial risks involved, it is imperative that businesses in Sint Maarten adopt a proactive and strategic approach to cybersecurity. Strengthening cyber defenses is no longer optional, it is essential to ensure business continuity and safeguard critical data and systems.”

BTP has urged local entities to implement a series of best practices to strengthen their resilience, including regularly backing up data offline, installing updated security software, enforcing strong passwords and multi-factor authentication, limiting access to sensitive data, and training staff to recognize phishing emails. The bureau also emphasized the need for businesses to have a robust response plan in the event of a cyber incident and to seek the guidance of IT professionals to assess and fortify their digital defenses.

Part of the problem lies in the region’s limited preparedness. Aon’s 2025 cyber risk report noted that institutions in the Caribbean are among the most under-resourced when it comes to cybersecurity resilience. More than 40 percent of surveyed organizations admitted they would not know how to identify a breach if it occurred. Meanwhile, many small-to-midsize firms continue to operate on outdated systems, creating weak points ripe for exploitation.

In response to the mounting threats, CARICOM and USAID began rolling out a Cyber Resilience Strategy in early 2024. The plan includes training initiatives, threat monitoring, and coordinated incident response protocols spanning ten countries. However, cybersecurity experts warn that the strategy is still in its early stages and has not yet translated into tangible protection for the majority of institutions.

Despite growing awareness, ransomware gangs continue to operate with near impunity. In 2025, attackers have grown bolder, choosing targets not only for financial gain but also to cause public disruption and extract political leverage. The breach of the Curaçao Tax Department served as a wake-up call to other regional governments that critical infrastructure can be brought to its knees by a single phishing email or misconfigured server.

What unites many of these cases is a chilling trend: cybercriminals no longer need to rely solely on encryption. In many cases, just the threat of publicizing stolen data is enough to force payment. In others, they move on to the next target without consequence. As one cybersecurity analyst put it, “The Caribbean has become a soft target. Hackers know the defenses are low, the insurance payouts are likely, and the press coverage is minimal.”

‍