Menu
Updated: Cryptolocker malware hits IRD, locks 3500 files

Updated: Cryptolocker malware hits IRD, locks 3500 files

Cryptolocker malware executed within IRD after a staffer clicks link in phishing email.

Malware was executed within IRD after it fell victim to a phishing attack

Malware was executed within IRD after it fell victim to a phishing attack

Thousands of Inland Revenue files were locked up after New Zealand's tax department became the target of a cryptolocking attack.

IRD said that in addition to the phishing emails targeting customers, the department also regularly receives phishing emails attempting to obtain money or information or to compromise the Inland Revenue environment.

"In November 2017, a link in a phishing email was clicked on resulting in a cryptolocker malware executing within Inland Revenue which encrypted 3500 files," a statement to Parliament's Finance and Expenditure Committee said.

IRD has since told Reseller News the attack occurred in November 2016, not 2017 as it told the committee.

The files were recovered from back-up and no Inland Revenue data was lost or compromised, IRD said in response to questions during the department's annual review.

"The cryptolocker variant we were dealing with was called Locky," a spokesman told Reseller News. "The affected files were isolated, removed and backed up within 24 hours of the ransomware being discovered."

The attackers behind Locky have pushed the malware aggressively, using massive spam campaigns and compromised websites.

Locky, which encrypts files on victims’ computers and then demands a ransom of between 0.5 to 1 bitcoin, was unleashed in aggressive spam campaigns in February 2016, according to Symantec.

"One of the main routes of infection has been through spam email campaigns, many of which are disguised as invoices. 

"Word documents containing a malicious macro are attached to these emails."

Since this incident, IRD has established a three-year awareness programme to further educate staff about cyber security, the spokesman said.

"The activities undertaken to date include: security awareness presentations at nearly all IR sites; instructional videos hosted on our intranet coinciding with 2017 Cyber Smart Week; a series of simulated phishing exercises for randomly selected staff; and regular blogs, updates and articles about information security hosted on internal communications channels."

Additional controls around anti-virus updates and updates to IRD's email and web proxy services have also been implemented to reduce the likelihood of a reccurrance, the department told the committee.

There have been a series of such attacks over the last five years, culminating in last year's NotPetya attack.

The Government Communications Security Bureau condemned that attack this month and joined other such agencies in attributing the attack to Russia.

"While there were no reports of NotPetya having a direct impact in New Zealand, it caused disruption to some organisations while they updated systems to protect themselves from it," said Andrew Hampton, director general of GCSB.

The Locky attack appears to have been the only data security issue to strike IRD during the year, marking improved performance from earlier years. Nine security issues were reported in 2013, eight in 2014, six in 2015 and four in 2016.

Furthermore, no laptops or tablets went missing during the year, compared with two in 2016.

In all of the reported instances IRD said access to information was restricted "based on the implementation of standard device authentication security protocols, including hard drive encryption and strong password policies.

The document also reveals that out of a total of $133.7 million paid to contractors on its business transformation programme during the year, Accenture was paid $41.4 million and Deloitte $12 million, while Fast Enterprises, the outfit delivering IRD's new tax administration system was paid $35.7 million.

It also discloses IRD's software licensing costs, which continue to grow, more than doubling from $3.2 million in 2013 to $7.2 million in 2017.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags governmentmalwaretransformationtaxIRDCryptolocker

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments