Have ANZ's cyber-attackers demanded a ransom?

ANZ may be refusing to pay a ransom as a cyber-attack causes online banking outages for a third day in a row. 

A DDoS (distributed denial of service) cyber-attack was confirmed on Wednesday by the government’s cybersecurity agency, Cert NZ, when the websites and services of ANZ, Kiwibank, NZ Post, MetService and others were affected.

Earlier this week experts had said it was not clear if the attacks were financially motivated, but ANZ’s continued problems might suggest cybercriminals are directly targeting the bank.

“A ransom [demand] would have been issued after the first day, they would then have a couple of days of fairly severe outages following that,” the founder of cybersecurity firm Darkscope, Bruce Armstrong, told BusinessDesk today.

“It will probably continue until they either pay the ransom or find an alternative way to block the attack.”

He said ANZ is a prime target for a DDoS ransom attack because it has plenty of money and disruption to its service would cost them commercially and reputationally. 

The outages mean some of the bank’s customers are unable to move money or pay bills, though ANZ has said services such as ATMs, EFTPOS, scheduled payments, and phone banking are unaffected.

“We appear to be experiencing intermittent outages with our online services again this morning,” the bank tweeted at 7:31am this morning.

“We will update you as we can.”

Although Cert confirmed DDoS attacks were the cause of this week’s disruption, none of the affected organisations, including ANZ, have publicly stated they are suffering a cyber-attack.

It is also not certain if the attacks are directed at the affected organisations, or at the service providers whose technology they use. 

It means confused and upset ANZ customers are contacting the bank about what appears to them as simply three days of broken services.

“This is unbelievable! What is happening? Trying to access my money for 3 days!” one person tweeted.

“Still down... is money safe with you guys? What's going on?????” said another.

DDoS attacks on banks only cause service outages and cannot result in the theft of customer money, though it does not appear ANZ has explained this publicly to concerned customers.

DDoS attacks have been ramping up recently in New Zealand, with the NZX taken down last August.

“DDoS used to be something you’d swat away like a pesky fly, it was pretty ineffective and there were plenty of systems that blocked it,” Armstrong said.

He said the attacks, which overload online services with access requests to effectively render them unusable, have become far more powerful of late and are often at over 100 gigabits per second (Gbps) and can be up to 555Gbps. 

These are speeds that can overload even the most robust online services.

NZ is considered an easy target for cybercriminals due to the country’s limited connectivity to the world. 

“That’s a reasonable chunk out of our internet services, our overseas cables.

“They just keep turning up the hose and eventually you can’t drink it all.”