NZ spy agency assisting Waikato DHB after cyber attack/ransom demand

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.

Waikato DHB’s IT centre is the target of a major cyber security attack. Video / Waikato DHB

The nation’s spy agency has been scrambled in the aftermath of a crippling cyber attack and ransom demand that has brought Waikato District Health Board services to their knees.

But the DHB is adamant that no ransom will be paid to hackers who have launched a targeted attack on the organisation’s IT services today.

A spokesman for the National Cyber Security Centre (NCSC) – a branch of the Government Communications Security Bureau (GCSB) – told the Herald staff were providing support to Waikato DHB following today’s attack.

The spokesman said the NCSC’s role was to help protect New Zealand organisations of national significance “from advanced, persistent, primarily state-sponsored, cyber security threats”.

The agency did not usually divulge whether it was involved in specific incidents.

“We are very conscious that malicious cyber actors can monitor public commentary on and incident and for this reason, while the investigation and remediation efforts are ongoing, we will not provide additional details regarding its cause or the response to it.”

DHB chief executive Kevin Snee told Stuff “no ransom will be paid” and he did not know who was behind the attack.

Cyber security expert Bruce Armstrong told the Herald he believes it is a ransomware attack on Waikato DHB from Asia or the Middle East, similar to what has hit the Irish health system in recent days.

He believes it is similar in nature to the DDoS attacks that rocked the New Zealand Stock Exchange (NZX) last year and overran its system for days.

“Health organisations are highly prized as targets globally and health industries throughout the world are the most attacked and most expensive type of attacks that happen,” the Darkscope founder said.

“The normal pattern is they will warn the organisation they will do it, and run half an hour DDoS attacks, and if the ransom is not paid they will attack for hours at a time.

“The attack on the NZX played out over three days before they were able to completely stop its effect on their systems.”

He said ransomware attacks are not targeting patient data and the only interest is to get money from…