Cyber-extortion threat: NZ organisations warned not to pay up
GCSB division says shakedown under way | What to do if you're targeted.
New Zealand organisations are being warned not to give in to cyber-extortion threats.
The National Cyber Security Centre (NCSC), a division of the GCSB, has issued an advisory that "an extortion campaign is currently targeting New Zealand organisations. Several organisations have received extortion emails threatening a sustained Denial of Service attack (DoS) unless a payment is made to the email sender. To demonstrate that the threat is credible, shortly after receiving the extortion email, the organisations are then hit with a short-duration DoS attack, lasting up to an hour."
A DoS attack overwhelms a website with connection requests, rendering it inaccessible.
NBR understands the amount being sought is around $8000.
"Businesses should not pay," Netsafe chief executive Martin Cocker tells NBR ONLINE.
"Some businesses that have paid ransomware ransoms have successfully recovered their files – but this DoS extortion is much more like an old-fashioned protection racket where you pay to be protected from the people that you are paying.
"The most likely scenario is that payment will alert the hackers that they are prepared to pay and will increase the chances of them being targeted again."
Clifford Clark, the officer in charge of the Police National Cyber Crime Centre (NC3), agrees. "They'll only come back for more," he says.
Mr Clark says an organisation that receives an extortion email should contact police, plus the NCSC (via the email incidents@ncsc.govt.nz) and its ISP.
The Police won't recommend one piece of security software or service over another, but Mr Clark does recommend that, if your organisation hosts its website on an in-house server, you move it out of your office to a third-party web-hosting service. "That way, your core systems won't be affected," he says.
Earlier, Mr Cocker noted an upsurge in ransomware attacks on Kiwi businesses. However, the previous wave of attacks (including one that sparked a separate NCSC advisory) was based on so-called crypto-lockers; that is, the attacks relied on someone inside an organisation clicking on a malicious email attachment. The attackers could then remotely encrypt a business's files and demand money for them to be un-encrypted. The advice there is, again, don't pay. Consider the maliciously encrypted files lost, Mr Cocker says. The best course of action is to assume you'll be hit at some point, and to have recent, regularly tested and off-site backups of all your files.
Mr Clark wasn't aware of any arrests ever being made in New Zealand over DoS or crypto-locker extortion threats. He declined to say if the current wave of DoS extortion threats was being made from any particular country, saying it was a matter of operational intelligence.
A spokeswoman for the GCSB declined to comment, saying the NCSC did not want any more information in the public arena.