Loot from NZ ransomware attack being sold on dark web
Some of Mercury IT’s clients whose data have been found for sale include health insurer Accuro, commercial flooring business Polyflor, business mentoring programme Business Central, and architecture firm Catalyst Group. According to the report, the data from these companies was being sold on the dark web for between $157,000 and $1.58 million.
Mercury IT was also a contractor for Te Whatu Ora and Health NZ, which involved 14,500 coronial files and 4,000 post-mortem reports from those organisations. However, these data have yet to be found for sale.
“This is possibly the most significant cybersecurity incident New Zealand has had,” said Brett Callow, threat analyst at cybersecurity firm Emsisoft. “I can’t think of any other incident that has simultaneously affected so many organisations.”
Most ransomware attacks target a single firm’s data. But since Mercury IT was working with many different organisations, the breach has ended up giving the hackers access to a much wider variety of data.
The suspect behind the attack is a ransomware gang called Lockbit, which was formed in 2019 and is thought to be based in Russia or in Eastern Europe, the report said.
The group often operates as “ransomware as a service”, which means people could hire the group to conduct ransomware attacks against their targets. According to Callow, a Canadian resident was recently arrested for working with Lockbit to carry out an attack.