Tag: ransomware

1
Ransomware plan of action
2
Ransomware attacks – is there harm even when nothing is stolen?
3
REvil strikes again – ransomware attack on UnitingCare Queensland
4
Other Australian companies attacked by the same ransomware attack on the JBS meat processing company
5
Ransomware attack on the world’s largest meatpacking company JBS
6
Class action following ransomware attack on Colonial Pipeline
7
Continuing to take its Toll: Toll Group still feeling impacts nine months after experiencing Ransomware Attack
8
First reported death connected to misfired ransomware attack on German hospital
9
A phishing pandemic – Part I
10
The FBI understands if you pay ransom to cyber hackers, but isn’t too pleased about it

Ransomware plan of action

By Cameron Abbott, Rob Pulham and Ella Richards

Following the 60% increase in ransomware attacks over the past year, the Department of Home Affairs has released a Ransomware Action Plan – proposing to introduce mandatory reporting requirements for companies who have been hit by a ransomware attack.

Under the proposal, companies with a turnover of $10 million or more per year will be required to inform the Australian Cyber Security Centre soon after experiencing a ransomware attack and will face civil penalties if they fail to comply. The government is also planning to introduce a standalone offence for cybercriminals who seek to target critical infrastructure as part of the Security Legislation Amendment (Critical Infrastructure) Bill 2020.

This document is part of Australia’s overarching 2020 Cyber Security Strategy, with industry and community consultation anticipated in the near future. Stand by for further developments.

Ransomware attacks – is there harm even when nothing is stolen?

By Cameron Abbott and Ella Richards

In November 2020, accounting and consulting firm Nexia Australia (Nexia) was alerted to a “REvil” ransomware attack taking place within its system. The attackers threatened to post personal information of Nexia’s clients, customers and staff online unless it paid a $1m ransom within 72 hours.

It was reported that the hackers appeared to have posted Nexia’s confidential files onto the dark web; however, further investigation revealed that the hackers had merely posted screenshots of Nexia’s files. Realising this, Nexia dismissed the threat and refused to pay the ransom.

But it didn’t end there.

Shortly after the attack, a news service found the Nexia screenshots on the dark web and publicised that the company’s confidential information had been stolen and shared. Not only did Nexia have to reassure panicking clients that their confidential information remained uncompromised, it had to convince the Australian Securities and Investments Commission, the Australian Federal Police and the Privacy Commissioner that nothing of concern had been taken.

It doesn’t help that ransomware-as-a-service is becoming an increasingly lucrative business for cybercriminals to launch this type of attack. All that is needed is off-the-shelf malware, a wallet of cryptocurrency and it’s ready to deploy against an unsuspecting organisation.

The attack on Nexia demonstrates that even if there is no evidence that confidential information has been leaked, organisations can still suffer significant damage. The cost of reassuring stakeholders and mitigating reputational harm can almost match the consequences of a full blown attack.

As Warren Buffet famously quoted, “It takes 20 years to build a reputation and 5 minutes to ruin it”.  While Nexia recovered valiantly, this serves as a lesson that even when unsuccessful, the public ramifications of a ransomware attack are not to be underestimated.

REvil strikes again – ransomware attack on UnitingCare Queensland

By Cameron Abbott and Jacqueline Patishman

Following a ransomware infection in late April, UnitingCare Queensland has suffered a nearly 2 month long ordeal to regain control of its systems. UnitingCare was a victim of malware called Sodinokibi/REvil which encrypted its files and attempted to delete backups.

Read More

Ransomware attack on the world’s largest meatpacking company JBS

By Cameron AbbottRob Pulham and Jacqueline Patishman

Last week, a ransomware attack on the world’s largest meatpacking company caused a temporary shut-down of its operations in Australia and North America. The attack infiltrated the company’s quality assurance systems and ultimately prevented normal production.

Read More

Class action following ransomware attack on Colonial Pipeline

By Cameron Abbott and Jacqueline Patishman

Last week we posted about a ransomware attack on the American Colonial Pipeline Company. This week, the Company has been hit with a class action alleging that a range of US businesses and consumers suffered loss as a result of Colonial Pipeline’s decision to cut its supply of fuel until the ransomware attack was resolved. Meanwhile, the Company is still not entirely back on track – Colonial’s main website is still offline.

Read More

Continuing to take its Toll: Toll Group still feeling impacts nine months after experiencing Ransomware Attack

By Cameron Abbott, Keely O’Dowd and Max Evans

Back in February, we blogged about the large scale ransomware attack experienced by Toll Group.

IT News reports Toll is still “mopping up” the damage caused by these attacks. Since July, Toll has embarked on a year-long accelerated cyber resilience program incorporating teams in India and Australia which led to the appointment of former Telstra Asia Pacific CISO Berin Lautenbach as Toll’s global head of information security in August.

Read More

First reported death connected to misfired ransomware attack on German hospital

By Cameron Abbott and Keely O’Dowd

News reports have surfaced that a woman in Germany has died due to a delay in receiving medical care. What is most concerning about this death is the circumstances in which the woman tragically passed away.

According to reports, the woman needed urgent medical treatment and the hospital she presented to, Duesseldorf University Hospital, was unable to admit her as it was dealing with a ransomware attack.

The hackers exploited a vulnerability in a widely used commercial add-on software. This attack caused a failure in the hospital’s IT systems resulting in it being unable to access data and diverting emergency patients elsewhere. The woman was redirected to a hospital approximately 30km away from Duesseldorf University Hospital, which led to a delay in the woman receiving treatment. Unfortunately the delay proved fatal and the women passed away before she could be treated.

Read More

A phishing pandemic – Part I

By Cameron Abbott, Michelle Aggromito and Rebecca Gill

It’s upsetting to report, but should come as no surprise, that scammers are seeking to take advantage of organisations during the COVID-19 pandemic.

The Australian Competition and Consumer Commission’s Scamwatch website reports that phishing attacks are on the rise, with scammers impersonating the World Health Organisation and other agencies. Scams include anything from offering victims a vaccine for COVID-19 to investment opportunities created by the pandemic.

Read More

The FBI understands if you pay ransom to cyber hackers, but isn’t too pleased about it

By Cameron Abbott and Karla Hodgson

While the FBI won’t be impressed if you pay ransomware demands in order to get your systems or data back after a cyber attack, its updated ransomware guidance contemplates that this might just be the outcome of an attack anyway.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.