{ "id": "4e5d4a7e-d29d-4227-92bf-070c5df976c5", "created_at": "2026-04-17T02:21:03.465618Z", "updated_at": "2026-04-18T02:21:52.400571Z", "deleted_at": null, "sha1_hash": "3845894a09badd3c621f2ed6676a5f1d0e7f8caa", "title": "Exclusive: Krybit hackers claim breach of New Zealand IT services provider", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 89462, "plain_text": "Exclusive: Krybit hackers claim breach of New Zealand IT services\r\nprovider\r\nBy David Hollingworth\r\nPublished: 2026-04-15 · Archived: 2026-04-17 02:04:51 UTC\r\nRansomware new kids on the block, Krybit, has listed Auckland-based Dencom New Zealand as a hacking victim.\r\nA newcomer to the ransomware scene has listed Kiwi company Dencom New Zealand as a victim on its darknet\r\nleak site, one of 16 victims the group has claimed to breach since it was first observed earlier this month.\r\nKrybit listed the IT services provider on 12 April and set a ransom deadline of 22 April.\r\nThe hacker has not detailed the ransom they are seeking, but has published several documents as evidence of the\r\nhack.\r\nThe documents include personal, family correspondence of a Dencom employee, tax invoices, and medical\r\ndocuments – the documents date from between 2013 and 2020.\r\nKrybit has not shared the volume of data exfiltrated during the alleged incident.\r\nDencom New Zealand – whose website remains inaccessible as of the time of writing – has not responded to\r\nCyber Daily’s request for comment.\r\nWho is Krybit?\r\nGiven the group’s relative junior status, not much is known about Krybit other than what it says on its leak site.\r\nThe group has positioned itself as a ransomware-as-a-service operator and is actively advertising the service\r\nonline. Affiliates keep 80 per cent of any ransom proceeds, in return for the other 20 per cent, Krybit offers\r\nunlimited storage, 24/7 technical support, a fully automated malware suite, and access to a unique ransomware\r\ndashboard.\r\nKrybit also seems to be engaged in somewhat of a turf war with another extortion operation, 0APT, which is\r\nactively attempting to extort Krybit.\r\n“If the group does not make the payment or contact us, we will reveal their identity photos, names, location, and\r\nother,” 0APT said a few days ago.\r\n“And if you are one of their victims, contact us to get your data unlocked.”\r\nKrybit’s leak site was down for maintenance as of yesterday, but is now back online and firing back at 0APT. The\r\ngroup has now published a list of what appears to be compromised files belonging to 0APT alongside a chatlog\r\nbetween the two groups.\r\nhttps://www.cyberdaily.au/security/13464-exclusive-krybit-hackers-claim-breach-of-new-zealand-it-services-provider\r\nPage 1 of 2\n\n“Next time, don’t play with the big boys,” Krybit said once its site was back up.\r\n“The response will be fast.”\r\nWho is Dencom New Zealand?\r\nWhile the company’s website remains down, there are still some details to be gleaned from corporate listings on\r\nsites such as companyhub.nz. The company is a computer consulting firm and appears to operate from a\r\nresidential address in Auckland, on the Te Atatu Peninsula.\r\nDencom New Zealand offers services including cloud backups, VOIP phone systems, web hosting, and IT\r\nhardware and software solutions.\r\nWant to see more stories from trusted news sources?\r\nMake Cyber Daily a preferred news source on Google.\r\nDavid Hollingworth\r\nDavid Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and\r\nonline titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about\r\nLego.\r\nTags:\r\nSource: https://www.cyberdaily.au/security/13464-exclusive-krybit-hackers-claim-breach-of-new-zealand-it-services-provider\r\nhttps://www.cyberdaily.au/security/13464-exclusive-krybit-hackers-claim-breach-of-new-zealand-it-services-provider\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY" ], "origins": [ "web" ], "references": [ "https://www.cyberdaily.au/security/13464-exclusive-krybit-hackers-claim-breach-of-new-zealand-it-services-provider" ], "report_names": [ "13464-exclusive-krybit-hackers-claim-breach-of-new-zealand-it-services-provider" ], "threat_actors": [ { "id": "599a2a68-492d-40dc-adfd-45bf13e0481e", "created_at": "2026-04-17T02:00:03.801594Z", "updated_at": "2026-04-18T02:00:04.270282Z", "deleted_at": null, "main_name": "Krybit", "aliases": [], "source_name": "MISPGALAXY:Krybit", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1776392463, "ts_updated_at": 1776478912, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/3845894a09badd3c621f2ed6676a5f1d0e7f8caa.pdf", "text": "https://archive.orkl.eu/3845894a09badd3c621f2ed6676a5f1d0e7f8caa.txt", "img": "https://archive.orkl.eu/3845894a09badd3c621f2ed6676a5f1d0e7f8caa.jpg" } }