Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
A New Zealand-based business systems and services firm, Lamberts Business Systems, has suffered a cyber attack, leading to system outages.
The firm’s parent company, Norrcom, published a statement confirming that a cyber incident had occurred and that systems had been taken offline to isolate it.
“Norrcom recently became aware of a cyber security incident that has resulted in some systems connected to the Lamberts part of our business being taken offline,” the company said.
“As soon as Norrcom became aware of this incident, we quickly enacted our incident response plan and began working to ensure the security of these systems, with support from external experts.
“Since this time, we have detected that a third party has named Lamberts online alongside claims they have accessed some data relating to Lamberts and some Lamberts clients. We are liaising directly with any potentially affected clients in relation to this.”
The third party in question is the infamous INC ransomware gang, which listed Lamberts Business Systems on its dark web leak site overnight.
While the threat actor did not disclose details of the breach, it published a sample of allegedly exfiltrated data as proof of the breach.
The sample contains Windows Explorer screenshots of folders with labels suggesting they contain personal and business data, including marketing documents, administration documents, staff data, financial documents, health and safety information, insurance information, payroll, passports and photos and more.
Some folders pertain to specific names of individuals and businesses, suggesting these are ripped from one or multiple PC’s within the business.
INC Ransom did not publicly disclose a ransom date or payment.
Norrcom has specified that only Lamberts systems were affected and that its own have not been compromised.
“We understand this news may cause concern. We would like to assure our broader stakeholders that we have no evidence at this time to suggest any broader impact to our network, and we are taking all appropriate steps in response to this incident, including informing the relevant government entities,” the company said.
INC Ransom has previously launched attacks on Australian and New Zealand targets, having breached Wellington-based Waiwhetu Medical Centre just last month.
In a post dated 6 June, the hackers claim to have stolen 110 gigabytes of data, including contracts, HR data, and financial information.
The entire dataset has been published, and the contents appear to confirm the hackers’ claims. The data includes patient consent forms, education and training data, and correspondence between the medical centre and other stakeholders.
The Waiwhetu Medical Centre confirmed it is aware of the incident.
INC Ransom’s last Australian victim was fibre installation firm Expert Data Cabling, which was listed on the gang’s leak site in March.
INC Ransom was also responsible for the high-profile hack of healthcare provider Spectrum Medical Imaging earlier this year. Patient data was exposed in that attack, and Spectrum continues to contact patients whose data may have been exposed by the hackers.
INC Ransom was first observed in August 2023 and has claimed attacks on over 330 organisations since then. The gang uses spear phishing tactics to gain initial network access and employs double-extortion techniques to pressure its victims, both encrypting the data it steals and then threatening to publish the data online.
Be the first to hear the latest developments in the cyber industry.
