The critical operations of the Curaçao Tax Authority have been brought to a standstill this week following a major ransomware attack. The incident, which took place last Saturday, July 26, 2025, has compromised the agency’s automated systems, forcing an indefinite closure of the office and a halt to all digital services as of Monday morning. Minister of Finance Javier Silvania made the announcement, confirming that the government is now contending with a serious and active cybersecurity breach.
In a swift and decisive response to the ongoing crisis, Minister Silvania has requested immediate cyber defense support from the Netherlands.
An expert is being dispatched to help manage the incident, but the decision has prompted urgent questions about the island’s crisis-response strategy. The move appears to have bypassed Curaçao’s own ministerial working group on cybersecurity, a body specifically created under the leadership of Dwigno Puriel to manage the island’s digital defenses.
The cyberattack employed ransomware, a type of malicious software that encrypts an organization’s data, rendering it unusable. Typically, the attackers demand a substantial payment, or ransom, in exchange for the digital key (k) required to unlock the data. In a common tactic known as double extortion, these criminal groups also often steal a copy of the data and threaten to publish it if their demands are not met, placing immense pressure on the victimized organization.
With the breach having occurred only days ago, the situation remains critical and fluid. The Dutch cybersecurity expert will join local teams to conduct an urgent digital forensic investigation to determine the scope of the attack and the extent of the data compromise. The immediate priorities are to isolate the affected systems, prevent further intrusion, and assess the viability of restoring the systems from backups without yielding to the attackers’ demands.
This attack serves as an immediate and stark reminder of the vulnerability of national infrastructure to global cyber threats. As the government of Curaçao works with its Dutch partners to navigate this active crisis, the event is forcing a real-time evaluation of its cybersecurity readiness. The decisions made in the coming days will be crucial not only for restoring the tax service but also for shaping Curaçao’s future defense posture against such debilitating attacks.
Reference:
