South Pacific vacations may be wrecked by ransomware

New Zealand government reels, Vanuatu’s spent weeks entirely offline

New Zealand's Privacy Commission has signalled it may open an investigation into local managed services provider Mercury IT, which serves many government agencies and businesses and has been hit by ransomware.

Mercury's website is, at the time of writing, a single page that states "Mercury IT provides a wide range of IT services to customers throughout New Zealand."

But according to the privacy commissioner, on or before November 30 Mercury was attacked.

"Urgent work is underway to understand the number of organizations affected, the nature of the information involved and the extent to which any information has been copied out of the system," the commissioner wrote.

Local health insurer Accuro is a Mercury customer and reported the incident, which it said "prevented access to a number of our core systems."

New Zealand's health service has revealed the attack "impacted access to some … data relating to bereavement and cardiac services." The nation's Ministry of Justice advised that "approximately 14,500 coronial files relating to the transportation of deceased people, and approximately 4,000 post mortem reports" were exposed.

"We acknowledge that this incident has affected information that is sensitive. We will continue working to understand the extent of the incident," the Ministry stated.

As coronial and medical data, and health insurance, are governed by privacy laws, the Privacy Commission plans to consider whether Mercury IT is in trouble on that front. The Register understands other agencies, and customers, will have their own beef with the service provider.

Thankfully, government services appear not to have been disrupted by the incident.

But in the nearby South Pacific nation of Vanuatu, a cyber attack has all-but-crippled the government for three weeks.

Government systems in the island of 300,000 souls went offline in early November, with ransomware suspected as the culprit. Agencies reverted to paper-based processes.

Late last week, the nation's prime minister reportedly said that 70 percent of government servers had been restored.

At the time of writing, however, The Register was unable to reach any sites in the domain.

No suspect for the attack has been identified, but PM Ishmael Kalsakau told local news outlet The Daily Post that "Data analysis of the hackers shows persistent traffic from Europe, Asia, and the United States of America. But these indications could be misleading. The hackers are almost certainly using Virtual Private Networks and services to hide their location."

The PM said investigations have not yet allowed attribution of the attack, leaving open the question of whether criminals or nation-state-supported attackers are behind the incident. ®
