Cyber Incident Victim: Inland Revenue Department
Date: Nov 2017
Location: New Zealand
Summary
The Inland Revenue Department experienced a cryptolocker malware attack after an employee clicked a malicious link in a phishing email, resulting in the encryption of approximately 3,500 files. The incident disrupted operations and highlighted persistent phishing threats targeting both customer data and internal systems, reflecting broader cybersecurity challenges faced by the organization.
Description
In November 2017, New Zealand’s Inland Revenue Department (IRD) experienced a cryptolocker malware attack that resulted in the encryption of approximately 3,500 files. The incident originated when an employee clicked on a malicious link contained within a phishing email, triggering the execution of the cryptolocking malware within the IRD’s systems. The malware rapidly encrypted files, rendering them inaccessible. The IRD confirmed the attack stemmed from a broader pattern of phishing attempts regularly targeting the department, which included efforts to steal funds, extract sensitive information, or compromise its operational environment. While the department did not disclose the exact duration of the encryption event or the specific systems affected, the incident demonstrated a direct operational disruption caused by a successful phishing compromise.

The attack highlighted the IRD’s vulnerability to socially engineered threats despite its awareness of ongoing phishing campaigns. No details were provided regarding whether a ransom demand accompanied the file encryption, nor did the IRD disclose whether data exfiltration occurred alongside the cryptolocking activity. The department’s public statement acknowledged the incident’s cause and scale but omitted specifics about containment measures, file recovery processes, or any coordination with law enforcement or cybersecurity agencies. The confirmed impact remained limited to the immediate disruption caused by the 3,500 encrypted files, with no additional consequences such as taxpayer data leaks or financial losses disclosed in the available reporting. The IRD’s reference to recurring phishing threats underscored the persistent challenge of mitigating human-factor risks in its security posture.
