Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
DragonForce claims hack of Morrinsville/Matamata-based broker Vercoe, more than 60 gigabytes allegedly stolen.
The DragonForce ransomware gang has listed New Zealand insurance broker Vercoe as a victim on its darknet leak site.
DragonForce posted the hacking claim on 5 March and said it had successfully exfiltrated 60.67 gigabytes of data.
So far, no documents have been published as evidence the hack was successful, nor has the gang shared its ransom demand.
However, it is threatening to publish the data within four days at the time of writing.
Vercoe has confirmed it is investigating the hackers’ claims and has restored its systems following the attack.
“Since the compromise, we have engaged external experts to restore the systems that were out-of-operation, investigate the full scope and nature of any malicious activity and review our IT security,” a Vercoe spokesperson told Cyber Daily.
“We have restored access to all systems and are back to full operational capacity. Thankfully, it appears that the impact on our ability to conduct our day-to-day work for our clients has been limited. We are grateful to our external providers for working hard to get us to this point.”
Vercoe has also notified New Zealand’s Office of the Privacy Commissioner and the Financial Markets Authority “on a precautionary basis”.
“While our investigation into what information may have been impacted remains ongoing, we have notified a number of stakeholders and insurer clients. Should the investigation identify that personal information relating to our broker clients has been impacted, we will be sure to notify them as appropriate. We are taking this incident extremely seriously and working hard with our response team to ensure we respond appropriately and in line with best practice,” it said.
DragonForce is currently the 34th most active ransomware group in the world, having claimed attacks on 140 organisations since it was first observed by security researchers in December 2023. Analysts have suggested the ransomware group may be linked to Malaysian hacktivists DragonForce Malaysia, though that appears to be entirely based on the name alone.
The group is believed to have some links to the LockBit ransomware operation and engages in double-extortion tactics, locking victims out of their data and threatening to publish it online if a ransom payment isn’t received.
DragonForce runs a ransomware-as-a-service operation and is known for its remarkably high commission rate – the gang passes on up to 80 per cent of ransom payments to its affiliates and advertises its services on Russian-language hacking forums.
The gang’s most recent victim in the ANZ region was Kiwi car dealership Tristram European, which was listed on DragonForce’s leak site on 21 February.
According to its website, Vercoe has more than 5,000 clients, including schools, businesses, private clients, and farms in the Matamata-Piako area of New Zealand’s North Island.
UPDATED 12/03/25 to add Vercoe commentary
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
