Yesterday the St Peter’s network was exposed to a worldwide cyber attack. The system is now stable and we are working to...
Posted by St Peter's School, Cambridge, New Zealand on Saturday, July 3, 2021
The Ministry of Education said any school that believes it might have the Kaseya VSA software installed should first contact their IT provider.
"Our analysis has shown that 11 schools out of 2400 may have been affected by the ransomware attack," said a spokesperson.
"We are working with those schools to provide them with support and will continue to identify if other schools have been impacted."
In Sweden, about 500 Coop supermarket stores closed because of the ongoing attack after the shop's cash registers stopped working, the BBC reported.
Partner and national leader of cyber at Deloitte Anu Nayar organisations in New Zealand used Kaseya, including some of his clients.
He had told them to stop using it until more was known around which Kaseya customers had been affected by the attack.
"It's not as widespread in New Zealand but there are companies that use it."
There was suspicion that Russian-linked REvil ransomware gang, one of the most prolific and profitable cyber-criminal groups in the world, was responsible for the attack.
Generally speaking, these types of ransomware attacks were funded and distributed between well organised crime groups, Nayar said.
"They are definitely quite prolific in terms of their attempts through these types of methods to compromise as many organisations as possible."
It's not known how many companies had been affected by the attack or asked to front up with thousands of dollars to pay a ransom to get their systems going again.
Some experts had predicted that the attack targeting Kaseya customers could be one of the broadest ransomware attacks on record.
Earlier today, IT security expert Daniel Ayers said New Zealand organisations may have been caught up in the ransomware attack.
Ayers said this sort of "supply chain" attack is significant and there are a number of IT service providers in New Zealand that use Kaseya.
"There's been information released on the internet that there are people affected in New Zealand. Some of the anti-virus providers have released information that they have seen detections in New Zealand."
Ayers said the timing of the attack means some companies may not discover they are affected until they start work tomorrow morning.
Local tech company Datacom said it has shut down its servers that use Kaseya software after the attack.
A spokesperson for the company said it had been decommissioning the software, even before yesterday's attack.
It has been monitoring the situation for its customers and has not found any sign of incursions.
Kaseya said its VSA product had been targetted by the attack and it believed it had been localised to a small number of on-premises customers only, meaning clients that run their own data centres.
A sophisticated cyber attack brought the Waikato DHB's system to its knees this year, affecting a number of operations and being described as the biggest in New Zealand's history.
The DHB had to employ hundreds of additional IT experts as it attempted to rebuild all its systems.
- Additional reporting: AP, RNZ
