The company has since engaged forensics and recovery firms and now believes the attacker used Nine systems to send fraudulent updates to workers’ computers. These updates encrypted data and made the machines unresponsive.

Aaron Bugal, global solutions engineer at cybersecurity company Sophos, said encryption often indicated the end of an attack, not the start of one. “The attackers have already spent a great deal of time within these networks, filtering around information, looking at systems, gaining access to devices that they shouldn’t be in.”

He added that the lack of a ransom demand could indicate the attackers were after sensitive information. “Typically most attackers are looking for some sort of immediate return on their investment of time, like requesting a payment in bitcoin. A destructive attack like this with no extortion is quite different,” he said.

“I wouldn’t be surprised if information data theft and exfiltration, of information that this company held closely, was conducted, and who knows where it’s going to turn up next.”

Nine is also working with the Australian Signals Directorate (ASD) to determine the source of the attack.

Communications Minister Paul Fletcher said he was concerned about the “significant” cyber security challenges faced by Australian businesses and government departments. The government’s $1.67 billion cyber security strategy, announced in August, included record funding for the ASD to disrupt foreign cyber criminals and better identify malicious hacks.

Loading

“The reality is that cyber security attacks may well come from foreign actors,” Mr Fletcher said. “There’ve been attacks before that have been suspected of coming from such sources. And this is a challenge that Australia as a liberal democracy needs to be aware of.”

However, Labor cyber security spokesman Tim Watts said non-government democratic institutions were slipping through the cracks of the government’s policy. “Helping people after they’ve been the victims of an attack is all well and good, but what is the government doing to prevent these attacks in the first place, to help organisations build their cyber resilience so that they can keep attackers out?” he said.

Paul Haskell-Dowland, associate professor at Edith Cowan University, said easier access to hacking tools has led to a surge in encryption attacks on networks.

“The kinds of tools that you use in these kinds of attacks are readily available in what we call the hidden underground economy, or the black market,” he said.

“Not only does it [the software] come with an instruction manual, and packaged in an inappropriate form, but it will often come with 24/7 technical support and the guarantee.”

He added that an encryption attack was also “a near-perfect crime” when it comes to throwing an organisation into chaos. Attackers often destroy the decryption keys to cover their attacks and leave their victims with little chance to recover the locked data.

“For many smaller organisations, this kind of attack is fatal,” he said.

Speculation has suggested the attacker could be backed by a nation state — for example Russia, China or North Korea — but Mr Hunt said the publicly-available information didn’t allow for any conclusive attribution.

Loading

“When we look at the two most noteworthy nation states events of this year, Solar Winds and then the Microsoft Exchange situation, those were campaigns that were extremely sophisticated, extremely well run, gave access to huge amounts of data, without necessarily being deliberately disruptive,” he said.

While Nine programs have reported on the likes of North Korea and Russia, and ransomware has been deployed in response in the past — most notably hitting Sony Pictures in response to Seth Rogen’s satirical film The Interview — Mr Hunt said this latest hack was just as likely the work of hacktivists or criminals.