Volunteer service hit by ransomware attack

Photo: RNZ.

Volunteer Service Abroad has been the victim of a ransomware attack, however experts say no information was taken.

A spokesperson says the attack happened last Friday and the organisation's computer systems were encrypted.

"VSA was locked out of its servers. We also disconnected all systems on Friday, May 14, and began investigations into the access. Staff were able to work again on Monday, May 17, using our current operational systems,"says the spokesperson.

"Our back up was also encrypted. Our servers held mostly historic information."

The group responsible demanded a ransom, but none was paid.

Instead, VSA "engaged immediately with the Cert NZ, Privacy Commissioner, NZ Police and other government agencies".

The group is different to that responsible for the Waikato District Health Board attack, VSA said.

It believed their main motivation was "getting money from us as an organisation".

"It has been a stressful time and we have lost important historic data, but our IT infrastructure meant we were able to respond quickly and get back to support our partners in 11 countries in the Pacific region," says VSA chief executive Stephen Goodman .

"It seems to be too common these days and I just wonder what we could be achieving in the world if the people with these IT skills instead put them to good use rather than criminal activity."


More on SunLive...
You must be logged in to make a comment. Login Now


Posted on 09-06-2021 16:13 | By This Guy

because the crime pays? I was just reading about how ransomware attackers have started going after insured companies because the insurance company will pay the ransom... and they know whose insured against it because they’ve hacked the insurance companies data lol so I feel like its going to get worse before it gets better

I, too, have also wondered...

Posted on 27-05-2021 20:51 | By morepork

...why these criminals don’t put their obvious skills to good use. My usual response to phone scammers now is: "Why don’t you get a job?" then hang up. The problem here sounds like the VSA were making regular backups, in accordance with best practise, but those backups were online. (It is a bit of a pain to have to keep connecting and disconnecting external drives, so most people don’t do it.) The ransomware will encrypt anything it can access, so they lost the lot. Some external drives now, will automatically backup files that change, but they have to be connected so they can do it. Best is to take backups or image copies of key data and DISCONNECT the drive until next time you need backup. (In fact, the disks should be stored in a separate establishment in case of fire or theft of the main system.)