A data security company has issued a warning about a new email scam that is extorting information from companies and organisations worldwide.
Czech company Avast Software has been looking into the new extortion emails, which claim they come from ransomware cyber groups 'Lockffit' and 'Silent Ransom'.
But it's likely just an empty threat of a data leak - or 'fake' ransomware.
Researchers at Avast's Threat Labs say the scam is sent via email to employees at various companies using their full names, and can be confused for the similarly-spelled, actual ransomware scam called 'Lockbit', if read too quickly.
Lockbit is a malicious ransomware that blocks users from computer systems in exchange for ransom, and it's widely known for its data extortion tactics.
It has disrupted operations, extorted, and illegally published data from companies around the globe - such as employee records, personal information, or medical data.
The information is sometimes sold to criminals.
Mark Gorrie, managing director of Gen Digital Asia-Pacific, said Aotearoa has been a prime target for scammers for some time.
"It's an affluent nation with a high-trust society. That means if there's an emerging extortion scam out there you can pretty well guarantee it's going to be deployed on our shores," Gorrie told Newshub.
The 'Lockffit' or 'Silent Ransom' emails say there has been a company security breach and a large amount of information has been stolen, for which a ransom must be paid.
Recipients are also urged to notify their boss, and to reply to the sender to 'fix' the issue.
Gorrie said the new threat is alarming because Aotearoa has many small businesses who don't have the same IT resources as multinationals.
"That's why it's all the more important for business owners here to be vigilant and continuously educate themselves and their employees about various types of emerging cyber threats," he said.
New Zealand companies should incorporate proper cyber protection across all company devices, Gorrie said, as well as "patching devices and applications, ensuring remote backup of critical data, using a VPN to secure connections, and strong password protection".
Luis Corrons from Avast Security said IT departments and chief information security officers should make sure their staff know about this new type of scam.
Corrons suggested companies update their anti-malware software and make sure staff report and avoid responding to the emails.