Cyber Incident Victim: Inline Plumbing
Date: Aug 2021
Location: New Zealand
Summary
A ransomware group identified as Lockbit 2.0 claimed responsibility for cyberattacks targeting three small-to-midsized New Zealand businesses, including a property maintenance company and a painting supplies firm. The attackers threatened to release stolen data from both organizations, though one threat was later withdrawn. The incidents occurred amid broader indications that ransomware operators may be shifting focus to softer targets in regions like New Zealand and Australia following increased U.S. pressure on cybercriminal networks.
Description
In July and August 2021, the ransomware group Lockbit 2.0 publicly claimed responsibility for cyberattacks against three small-to-midsized New Zealand businesses. The group first targeted Phoenix Services, an Invercargill-based property maintenance company, in July 2021. Lockbit 2.0 posted threats online to release data allegedly stolen from Phoenix Services unless ransom demands were met. In August 2021, the same group attacked Haydn, a Christchurch-based painting supplies company with established market recognition. Lockbit 2.0 similarly threatened to publish Haydn's stolen data through its online channels. The group later withdrew the data release threat against Haydn, though no public explanation was provided for this reversal. Both incidents followed a pattern of ransomware attackers publicly announcing breaches and negotiating ransom payments under threat of data exposure.

Cybersecurity experts observed that these attacks occurred amid shifting global ransomware tactics following increased U.S. pressure on Russia-based cybercriminal operations. Analysts suggested ransomware groups might be redirecting focus toward perceived "softer targets" like New Zealand and Australian businesses after President Biden's administration intensified counter-ransomware measures. The attacks disrupted operations at Phoenix Services and Haydn, though neither company disclosed specific operational or financial impacts. No details were released regarding the type or volume of data allegedly stolen, nor whether either firm engaged with the attackers' ransom demands. The withdrawn threat against Haydn marked an unusual deviation from typical ransomware group behavior, in which data leaks usually proceed if payments are not made.
