What Do You Know About Mercury IT Ransomware Attack?

By   ISBuzz Team
Writer , Information Security Buzz | Dec 07, 2022 05:31 am PST

Numerous government departments and the public believe to be bodies to have overcome hardship by a ransomware attack on Mercury IT, a popular managed service provider (MSP) in New Zealand.

A hack on a third-party IT support provider has affected a number of governmental authorities, including Te Whatu Ora (Health New Zealand) and the Ministry of Justice.

The upstream target of the ransomware assault, according to New Zealand’s privacy commissioner, was Mercury IT, which “provides a wide range of IT services to customers throughout New Zealand,” on Tuesday morning.

According to its LinkedIn profile, Mercury IT is a small company with 25 employees that offers support, telecom, and infrastructure services to other businesses.

“Urgent work is underway to identify the number of organizations affected, the nature. The information involved and the extent to which any information has been copied out of the system.” The data protection authority stated, adding that it was informed of the “developing situation” on November 30.

In order to “make full use of its information-gathering powers,” the regulator said it would launch a compliance investigation into the incident. It also urged “any clients of Mercury IT the susceptible parties by this incident and who have not already been in touch with us to contact the Office of the Privacy Commissioner.”

The attack, according to a statement from the Ministry of Justice, is blocking it from accessing approximately 4,000 post-mortem examinations from March 2020 to November and 14,500 data related to the transfer of deceased people’s remains.

“We are concerned that so-called hostile actors behind such activities can watch public opinion. In instances of this sort and thus will not be given more extensive information. On our responses at this time,” said the company’s chief operating officer Carl Crafar.

Te Whatu Ora, the nation’s health ministry, said in a statement that access to information on cardiac and bereavement help is more difficult. It said that 5,500 records from the heart and hereditary disease registry and nearly 8,500 documents related to grief care services were unavailable.

The ministry stated that although the aforementioned records are temporarily inaccessible there is currently no proof that they have been downloaded or accessed without authorization.

“We want to reassure the public that there has been no disruption in the provision of health services. That all Te Whatu Ora health services are still operating properly.

The New Zealand Physiotherapy Board, the New Zealand Dietitians Board, the Chiropractic Board, and the Podiatrists Board. The New Zealand Psychologists Board, and the Optometrists and Dispensing Opticians. Board was among the six other health regulatory bodies. That used Mercury IT. Which also fell, according to the ministry.

What effect the incident has had on these services is unclear.

An advocacy group called BusinessNZ has also stated that it will have an effect. An attack on its IT supplier, according to Accuro, a not-for-profit health insurance provider. New Zealand with more than 34,000 members, “has disrupted” its “day-to-day operations and customer service.”

It comes after a significant ransomware incident involving Medibank, a private health insurer in Australia. Last month declared it would not be paying an extortion payment. After hackers obtained access to the data of 9.7 million current and former customers. Including 1.8 million international customers living abroad and started posting the details online.

A new permanent joint standing operation between the Australian Federal Police (AFP). The Australian Signals Already there is the directorate as a result of the incident. Which has sparked nationwide outrage and prompted the Australian government to “offensively attack” the organizations responsible for ransomware incidents.

It happens a week after the UK declared it will impose new mandatory reporting requirements. On MSPs to disclose cyber events, along with minimum security. Criteria that could result in fines of up to £17 million ($20 million) for non-compliance.

In a statement defending the decision, the government noted. That MSPs “play a central role in supporting the UK economy” and issued a warning. They “are employable as staging points through which threat actors can compromise the clients. Those managed services” as they are “an attractive and high-value target for malicious threat actors.”

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Stephan Chenette
Stephan Chenette , Co-Founder and CTO
December 7, 2022 2:13 pm

“Unfortunately, Te Whatu Ora (Health New Zealand) and several other healthcare providers across the country have become the latest agencies to suffer from a data breach following a ransomware attack on the managed service provider (MSP) Mercury IT. This attack follows in the footsteps of other high-profile attacks against healthcare organizations, including an attack against French hospital André-Mignot that forced the organization to shut down its phone and computer systems earlier this week. Unfortunately, several other government departments, including the Ministry of Justice, fell victim to the attack as well. 

Government agencies are an attractive target for cybercriminals because of the wealth of sensitive information they hold and the often-limited cybersecurity resources they possess. The personally identifiable information (PII) hacked can now be bought and sold for top dollar on the dark web, further exposing victims to future fraud or phishing attacks. 

To prevent similar attacks, MSPs, government and healthcare organizations must study the common tactics, techniques, and procedures used by common threat actors, which will help them build more resilient security detection, prevention, and response programs mapped specifically to those known behaviors. Organizations should use automated solutions that safely validate their defensive controls against ransomware campaigns and their techniques to better prepare for the next threat.”

Last edited 1 year ago by Stephan Chenette
Raj Samani
Raj Samani , Chief Scientist and Fellow
December 7, 2022 1:32 pm

“This ransomware attack serves as a reminder to all businesses that they can be target of ransomware, irrespective of their size. Indeed, many small organisations form a critical part of the supply chain for larger organisations, and this provides criminals the opportunity to demand and extort large sums from victims. Understanding this economy allows ransomware operators to cause as much chaos and disruption as possible in the hope that this will motivate victims to pay. 

Therefore, all businesses – no matter what their size – need to ensure that they operationalise cybersecurity. It must be seen as an essential part of the organisation’s processes and form part of the cost of operational running.”

Last edited 1 year ago by Raj Samani

Recent Posts

Would love your thoughts, please comment.x