Crime syndicate demanding large Bitcoin payments to stop NZX cyber attacks - report

The cyber attackers behind days of disruption for the New Zealand stock exchange (NZX) are a crime syndicate that have targeted several of the world's largest financial providers in the last week, according to a news report.

The NZX website has been targeted by repeated distributed denial of service (DDoS) attacks over the last few days, beginning on Tuesday.

The attacks disrupt service by saturating the network with significant volumes of internet traffic, and have caused NZX to halt trading four days in a row.

NZX is still investigating, but tech news website ZDNet reports the hackers behind the attack have also targeted MoneyGram, YesBank India, Worldpay, PayPal, Braintree, and Venmo in the past week.

They are believed to be demanding massive Bitcoin ransoms in exchange for putting a stop to their DDoS attacks - an extortion tactic ZDNet reports was first seen in 2016.

The group emails companies and threatens DDoS attacks that can "cripple operations and infer huge downtime and financial costs", ZDNet says - unless the companies are willing to pay them a large amount in Bitcoin.

Friday marks the fourth successive day in which the NZX has been disrupted by cyber attacks.

Finance Minister Grant Robertson said on Friday the Government Communications Security Bureau (GCSB) has been directed to help NZX. But he said he is not aware of any ransom demands and directed the question towards the GCSB. 

"We recognise that it is important that the Government works with private companies like them when they are faced with issues like the cyber-attack they are currently experiencing," Robertson said.

"There are limits to what I can say today about the action the Government is taking behind the scenes due to significant security considerations."

Earlier this week, Professor Dave Parry from Auckland University of Technology's department of computer science said the attacks appear to be at a level of sophistication "which is relatively rare".

"Unfortunately, the skills and software to do this are widely available and the disruption of COVID and people working from home all over the world potentially with lower security on their computers means that these attacks are easier than usual."