• Be alert to emails that are from copier@fire.org.nz or copier@fireandemergency.nz
  • DO NOT OPEN the email or attachments as they could contain ransomware
  • Delete the emails immediately and inform IT support (ITsupport@fire.org.nz)


Since the 8th of June, a large scale malicious email campaign is targeting a wide range organisations in New Zealand. In an attempt to entice users into opening the messages, these emails are crafted to give the appearance of being sent from an MFP “copier” device inside the organisation’s network.

The emails contain a variety of different attachments, many of which are forms of ransomware. 


A malicious email campaign is affecting many organisations in New Zealand. These emails usually take the following form:

  1. From: copier@<customer network>

          Subject: Message from KM_c224e

          Attachment: SKM_C224e<randomnumber>.zip

      2.  From: copier@<customer network>

           Subject: Scanned Image from a Xerox WorkCentre

           Attachment: Scan_0099_<randomnumber>.zip

Notably, these emails appear to be from within the organisation’s network – THIS IS NOT THE CASE.

More information on what phishing emails are and what to look out for can be found at the government website https://www.cert.govt.nz/(external link).  Click on Business and individuals, and scroll down the page to the Phishing section.

Further information from National Cyber Security Centre can be found here [PDF, 200 KB].

Last modified: