Global ransomware attack may have affected 11 New Zealand schools

The latest global ransomware attack may have affected IT for 11 schools in New Zealand.

The attack came to light early yesterday, hitting a Miami-based IT company, Kaseya, and infiltrating companies using that firm's software.

The Ministry of Edcuation said it is working with the schools to provide support and will continue to identify if other schools have been impacted.

The ministry's deputy secretary business enablement and support, Zoe Griffiths, said any school that believes they may have Kaseya VSA software installed should first contact their IT provider.

They should also undertake the recommended steps in an advisory on the CERT NZ website.

Earlier today, IT security expert Daniel Ayers said New Zealand organisations may have been caught up in the ransomware attack.

Ayers said this sort of "supply chain" attack is significant and there are a number of IT service providers in New Zealand that use Kaseya.

"There's been information released on the internet that there are people affected in New Zealand. Some of the anti-virus providers have released information that they have seen detections in New Zealand."

Ayers said the timing of the attack means some companies may not discover they are affected until they start work tomorrow morning.

Local tech company Datacom said it has shut down its servers that use Kaseya software after the attack.

A spokesperson for the company said it had been decommissioning the software, even before yesterday's attack.

It has been monitoring the situation for its customers and has not found any sign of incursions.

The cyber-security watchdog CertNZ is advising organisations using Kaseya to shut down those servers.

Kaseya provides IT management software for Managed Service Providers (MSPs) and small to mid-sized businesses (SMBs) - linking clients and partners in New Zealand.

Kaseya has previously publicised its links to New Zealand-based CodeBlue and other Australasian IT companies, including BigAir, Datacom, eNerds, Leap Consulting, Surety IT and Ricoh Australia.

President Joe Biden has directed US intelligence agencies to investigate who was behind the attack that also hit hundreds of American businesses.

Security firm Huntress said it believed the Russia-linked REvil ransomware gang was to blame for the latest ransomware outbreak. Last month, the FBI blamed the same group for paralysing meat packer JBS.

In a statement, the US Cybersecurity and Infrastructure Security Agency said it was "taking action to understand and address the recent supply-chain ransomware attack" against Kaseya's VSA product.

US and British authorities said Russian spies accused of interfering in the 2016 US presidential election have spent much of the past two years abusing virtual private networks (VPNs) to target hundreds of organisations worldwide.

Russia's embassy in Washington has denied that charge.

- RNZ / Reuters 

This story has been updated to reflect that Daniel Ayers believes New Zealand companies may be affected by the Kaseya hack.