Cyber Incident Victim: Enlighten Designs
Date:
May 2022
Location:
New Zealand
Summary
A Waikato-based software development company experienced a ransomware attack that compromised a portion of its operating systems, prompting engagement of forensic investigators who found no evidence of data exfiltration. The incident disrupted client operations, including delaying a regional council's corporate performance dashboard rollout while systems were rebuilt over several weeks, with full service restoration achieved by mid-year. The organization's CEO acknowledged the attack demonstrated universal vulnerability to cyber threats despite existing security investments, emphasizing continued vigilance and reduced data exposure to malicious actors. Concurrently, the firm maintained strategic focus on expanding cloud-based digital solutions and AI-driven product development through its dedicated innovation division.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In May 2022, Waikato-based software development firm Enlighten Designs suffered a ransomware attack that compromised a portion of its operating systems. CEO Damon Kelly confirmed the incident publicly after its disclosure during a mid-August Waikato Regional Council finance committee meeting, where council director Neville Williams revealed project delays caused by the breach. The attack forced Enlighten to engage forensic technology consultants for an investigation, which concluded in June with no evidence of data exfiltration. During the containment phase, Enlighten's IT specialists spent multiple weeks rebuilding compromised systems to restore operations. All affected clients regained normal service by July 2022, though the council's corporate performance dashboard and business application rollout—dependent on Enlighten's work—faced implementation delays as the developer temporarily lost access to critical systems during recovery efforts.
The incident directly impacted the Waikato Regional Council's Te Ara Tupu corporate plan, delaying the deployment of a new performance monitoring dashboard that had reached final testing stages before the attack. Williams reported the council entered a "holding pattern" during Enlighten's system restoration but confirmed resolution of all technical issues by August 2022, with the application prepared for imminent release. Kelly emphasized Enlighten's existing cybersecurity investments while acknowledging the attack demonstrated New Zealand organizations' universal vulnerability to such incidents. The company maintained operations through Microsoft Azure cloud services and continued pursuing strategic initiatives in AI and data solutions through its Enlighten Labs division, having previously earned Microsoft's 2020 New Zealand Partner of the Year award prior to the breach. No ransomware group claimed responsibility, and investigators found no indication that attacker(s) extracted client or corporate data during the intrusion.