New Zealand insurance company Vercoe Insurance Brokers has fallen victim to a cyberattack orchestrated by the DragonForce ransomware gang. The cybercriminals claim to have exfiltrated over 60 gigabytes of sensitive data, putting the company and its clients at significant risk. While Vercoe has confirmed it is investigating the attack and has restored its systems, the looming threat of data exposure remains. This incident underscores the growing cybersecurity challenges facing businesses worldwide, particularly in the financial and insurance sectors.
DragonForce’s Attack and ThreatsDragonForce, a notorious ransomware group, listed Vercoe as a victim on its darknet leak site on March 5, 2025. The gang alleges it successfully extracted 60.67 gigabytes of data but has yet to release any documents proving the breach. At the time of writing, the attackers have issued a four-day ultimatum, threatening to publish the stolen data if their undisclosed ransom demands are not met.
The attack follows a familiar pattern employed by DragonForce and similar ransomware groups. Known for using double-extortion tactics, DragonForce locks victims out of their systems while simultaneously threatening to release sensitive data unless a ransom is paid. Their aggressive strategies and ransomware-as-a-service model have made them a formidable threat in the cybercrime landscape.
Vercoe’s Response and InvestigationVercoe Insurance Brokers has confirmed that it is actively investigating the claims made by the hackers.
A spokesperson for the company told Cyber Daily that Vercoe has engaged external cybersecurity experts to assess the full scope of the breach, restore affected systems, and strengthen its IT security measures.
“Since the compromise, we have engaged external experts to restore the systems that were out of operation, investigate the full scope and nature of any malicious activity, and review our IT security,” Vercoe said in a statement. “We have restored access to all systems and are back to full operational capacity. Thankfully, it appears that the impact on our ability to conduct our day-to-day work for our clients has been limited.
“We are grateful to our external providers for working hard to get us to this point.”
As a precautionary measure, Vercoe has reported the incident to New Zealand’s Office of the Privacy Commissioner and the Financial Markets Authority. Additionally, the brokerage has informed key stakeholders and insurer clients about the potential risks. The company has pledged to notify affected parties should personal data be confirmed as compromised.
Who is DragonForce?
DragonForce is currently ranked as the 34th most active ransomware group in the world. Since its emergence in December 2023, the group has claimed responsibility for attacks on at least 140 organizations across various industries. Although some analysts have speculated that DragonForce may have ties to Malaysian hacktivist group DragonForce Malaysia due to the name similarity, no concrete evidence has established a link between the two entities.
The gang is suspected of having connections to the infamous LockBit ransomware operation, one of the most disruptive ransomware groups globally. DragonForce operates on a ransomware-as-a-service (RaaS) model, allowing cybercriminal affiliates to carry out attacks while receiving a substantial share of ransom payments. Notably, the gang offers up to an 80% commission to its affiliates, an unusually high percentage that incentivizes widespread attacks.
DragonForce primarily advertises its services on Russian-language hacking forums, targeting organizations with weak cybersecurity defenses. Its recent victims in the ANZ region include Tristram European, a New Zealand car dealership that appeared on the group’s leak site on February 21, 2025.
Reference:
