The portal used by the hacking group to talk to victims of a global cyber attack appears to be down.
The hack targets software from California-founded company Kaseya, using updates from the company to instal malware into third-party systems.
St Peters School in Cambridge was one of at least 11 New Zealand schools impacted by the attack on Saturday.
This image appears when victims attempt to log into a portal used by hacker group REvil to communicate post-hack.
The attack has been attributed to the REvil ransomware gang, which is believed to operate from Russia.
READ MORE:* Cyber security firm says ‘even chance’ it could break Waikato DHB ransomware* NZ firm helps Irish health service recover from ransomware attack* DHB attackers likely to threaten to release patient health records, says expert
Emsisoft threat analyst Brett Callow discovered the portal REvil uses to communicate with victims was down about 9.30am on Tuesday.
The attack has been attributed to the REvil ransomware gang. (File photo)
REvil usually sets up anonymous chat rooms through the Tor server, through which they deliver threats and demand ransom payments, which often increase the longer companies or organisations do not pay.
Callow said it was unlikely that a state or security agency had disabled the portal as a means of stopping hackers being able to talk to their victims.
REvil may have intentionally disabled access, or they may have made a coding mistake. Its impossible to say, he said.
But REvil is uncontactable.
The issue would be a problem for any victims trying to negotiate or pay, with there being a cost for every hour companies or organisations were unable to access their systems, Callow said.
Kiwi businesses have been urged to stop using Kaseyas tool, which is used to deploy patches that keep software up-to-date and secure.
New Zealands Computer Emergency Response Team (Cert NZ) said it had instead been used to deploy ransomware.
Kaseyas software is used by 40,000 organisations around the world and the incident is causing growing concern.
Unlike other hacks where a single company is victimised, such as the Waikato District Health Board ransomware attack, all organisations using the Kaseya VSA product are potential victims.
