Menu
Updated: Cryptolocker malware hits IRD, locks 3500 files

Updated: Cryptolocker malware hits IRD, locks 3500 files

Cryptolocker malware executed within IRD after a staffer clicks link in phishing email.

Malware was executed within IRD after it fell victim to a phishing attack

Malware was executed within IRD after it fell victim to a phishing attack

Thousands of Inland Revenue files were locked up after New Zealand's tax department became the target of a cryptolocking attack.

IRD said that in addition to the phishing emails targeting customers, the department also regularly receives phishing emails attempting to obtain money or information or to compromise the Inland Revenue environment.

"In November 2017, a link in a phishing email was clicked on resulting in a cryptolocker malware executing within Inland Revenue which encrypted 3500 files," a statement to Parliament's Finance and Expenditure Committee said.

IRD has since told Reseller News the attack occurred in November 2016, not 2017 as it told the committee.

The files were recovered from back-up and no Inland Revenue data was lost or compromised, IRD said in response to questions during the department's annual review.

"The cryptolocker variant we were dealing with was called Locky," a spokesman told Reseller News. "The affected files were isolated, removed and backed up within 24 hours of the ransomware being discovered."

The attackers behind Locky have pushed the malware aggressively, using massive spam campaigns and compromised websites.

Locky, which encrypts files on victims’ computers and then demands a ransom of between 0.5 to 1 bitcoin, was unleashed in aggressive spam campaigns in February 2016, according to Symantec.

"One of the main routes of infection has been through spam email campaigns, many of which are disguised as invoices. 

"Word documents containing a malicious macro are attached to these emails."

Since this incident, IRD has established a three-year awareness programme to further educate staff about cyber security, the spokesman said.

"The activities undertaken to date include: security awareness presentations at nearly all IR sites; instructional videos hosted on our intranet coinciding with 2017 Cyber Smart Week; a series of simulated phishing exercises for randomly selected staff; and regular blogs, updates and articles about information security hosted on internal communications channels."

Additional controls around anti-virus updates and updates to IRD's email and web proxy services have also been implemented to reduce the likelihood of a reccurrance, the department told the committee.

There have been a series of such attacks over the last five years, culminating in last year's NotPetya attack.

The Government Communications Security Bureau condemned that attack this month and joined other such agencies in attributing the attack to Russia.

"While there were no reports of NotPetya having a direct impact in New Zealand, it caused disruption to some organisations while they updated systems to protect themselves from it," said Andrew Hampton, director general of GCSB.

The Locky attack appears to have been the only data security issue to strike IRD during the year, marking improved performance from earlier years. Nine security issues were reported in 2013, eight in 2014, six in 2015 and four in 2016.

Furthermore, no laptops or tablets went missing during the year, compared with two in 2016.

In all of the reported instances IRD said access to information was restricted "based on the implementation of standard device authentication security protocols, including hard drive encryption and strong password policies.

The document also reveals that out of a total of $133.7 million paid to contractors on its business transformation programme during the year, Accenture was paid $41.4 million and Deloitte $12 million, while Fast Enterprises, the outfit delivering IRD's new tax administration system was paid $35.7 million.

It also discloses IRD's software licensing costs, which continue to grow, more than doubling from $3.2 million in 2013 to $7.2 million in 2017.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags governmentmalwaretransformationtaxIRDCryptolocker

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.​

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments