Cyber Incident Victim: Search and Rescue Base at Aoraki/Mount Cook
Date: Jul 2021
Location: New Zealand
Summary
A ransomware attack targeted the Search and Rescue Base at Aoraki/Mount Cook, compromising its standalone network, which was disconnected from the broader Department of Conservation infrastructure. The malware encrypted shared files, restricting staff access to operational data, and personal information belonging to 11 individuals was potentially exposed, prompting direct outreach by the department to the affected parties. The incident remained isolated to the base's systems and did not spread to other networks.
Description
On July 21, 2021, the New Zealand Department of Conservation (DOC) reported an isolated ransomware attack targeting the Search and Rescue (SAR) Base at Aoraki/Mount Cook. The malware encrypted shared files on the base’s standalone network, rendering them inaccessible to staff. Department of Conservation Deputy Director General Corporate Services Rachel Bruce confirmed the incident, emphasizing that the SAR base network operated independently with no connectivity to DOC’s corporate systems. This isolation limited the attack’s reach to the local infrastructure at Aoraki/Mount Cook. No operational disruptions to search and rescue activities occurred despite the file encryption. DOC initiated an immediate assessment to determine the scope of compromised data.

The investigation revealed that personal information belonging to 11 individuals might have been exposed due to the ransomware incident. DOC committed to directly notifying these affected parties. Restoration efforts relied on pre-existing backups to recover the encrypted files, with no ransom demand reported by the department. The standalone nature of the SAR base network prevented lateral movement to broader DOC systems, containing the incident geographically and functionally. DOC did not disclose the ransomware variant or attribution details. No additional technical specifics regarding infection vectors or detection methods were released publicly. The response focused on data recovery, stakeholder notification, and reinforcing existing security protocols for the isolated network.
