The agency responsible for Australia’s national disability insurance scheme is waiting to discover if it’s been affected by a Russian-linked ransomware attack that saw hackers demand a $4 million crypto ransom.
Hacker collective APLHV (known also as Blackcat) announced back in April that it had stolen 3.6 terabytes (TB) worth of data from the law firm HWL Ebsworth. As of this month, 1.1TB worth of data has been posted online.
According to AusTender contracts, HWL Ebsworth works alongside dozens of government agencies and is currently representing the NDIA in a series of legal appeals that have been brought against it. The agency itself also suffered a breach last year.
Court papers reveal how the hackers sent the crypto ransom to the legal firm via email, however, the first two ransom letters were caught by the company’s anti-spam filters. The firm only reacted to the threat after the dark web post became more widely known and a third email arrived.
An NDIA spokesperson told the Guardian, “The NDIA is engaging with HWL Ebsworth regarding the cyber incident and whether any NDIA information has been affected.”
Last weekend, HWL Ebsworth obtained a non-publication order from the New South Wales supreme court that restricts the publication of the leak.
Cybersecurity firm Intel 471’s chief intelligence officer, Micheal DeBolt said that ALPHV is one of the top ransomware groups currently operating. He said that the group has “conducted attacks around the world and across many industries, which suggests the group is mostly opportunistic when it comes to targeting.”
The Office of the Australian Information Commissioner, another client of the law firm, said last week that it too was mentioned in the leaked documents.