Ransom demanded as Volunteer Service Abroad locked out of servers

The Volunteer Service Abroad organisation was the victim of a ransomware attack last week. Photo / Getty Images

The Volunteer Service Abroad organisation has been locked out of its computer systems and a ransom has been demanded following a cyber attack last week.

In a statement from the volunteer agency's chief executive Stephen Goodman to about 5000 people associated with VSA, he said a ransomware attack had been detected and
a "criminal group" had requested a ransom.

It comes after what has been described as the biggest cyber attack in New Zealand history on the Waikato District Health Board this week, which has crippled the DHB's healthcare provision.

Goodman's statement said the attack on VSA was by a different criminal group than the one targeting Waikato DHB.

"A ransom was requested, which we have not and will not pay," Goodman said.

"At this early stage in the recovery process we believe there are no breaches on personal information held with us."

He believed the group's main motivation was "getting money".

"A recent IT security review had been undertaken, and we believed our security systems were appropriate.

"However, cyber attacks are now increasingly sophisticated and we were unfortunately targeted."

VSA co-ordinated volunteers and linked them with projects across 11 countries in the Pacific. Speaking to the Herald this afternoon, Goodman described how the attack had locked VSA staff from a database which contained plenty of historical information and files.

When the attack occurred, Goodman said a message appeared on the screen - allegedly from the culprits - referencing the attack and requesting to talk.

Goodman said he had no intention to interact with those responsible and did not know how much money they wanted.

Following the attack, VSA engaged with a New Zealand cybersecurity organisation which Goodman did not name for commercial reasons. VSA also conducted an investigation into how the system was accessed and whether there were any implications for the people's information.

He called the incident an "inconvenience" to the organisation, as the now locked information had to be sourced through other means. Goodman was reluctant to elaborate on what specific information the attackers might have, describing it as "standard business operating files".

However, he repeatedly stressed the cybersecurity organisation had found no evidence any personal information was at risk.

He was mindful the attack could be unsettling for people associated with VSA and encouraged them to contact ID Care, an international identity and cybersecurity community support service, on 0800 121 068 or www.idcare.org for support.

A police spokesperson confirmed a complaint about the attack had been registered but had no further details to add.