Russian-linked cybercriminals claim to have published troves of sensitive data after a large law firm used by the Australian government vowed not to bend to their ransom demands.
Key points:
- A hacking group claims to have stolen internal company documents from HWL Ebsworth
- Home Affairs says it is investigating the "potential impact on the government"
- The large law firm says it is investigating but will not submit to the hackers' ransom demand
Late last night the AlphV ransomware gang, also known as BlackCat, said it had published 1.45 terabytes of data on the dark web that it allegedly stole from HWL Ebsworth in late April, with the message: "ENJOY!!!"
It is unclear what data was published but AlphV has previously claimed to be in possession of internal company data including financial and insurance data, credit card information, agreements and reports.
If the group's claims are accurate, it means hackers are still holding onto 2.55 terabytes of unpublished data.
AlphV's claim was first picked up by threat analyst @CyberKnow20 on Twitter.
A spokesman for HWL Ebsworth said the firm was investigating the claim.
"We have learnt that the cyber criminals who accessed our systems have now claimed to have published around one-third of the total data they say has been exfiltrated from our firm," he said.
"We are investigating this claim and are seeking to identify what data may have been published.
"HWL Ebsworth will not submit to the ransom demand.
"We take our ethical and moral duties to the community very seriously, and we consider we have a fundamental civic duty to not, in any way, encourage or be seen to condone the criminal activity of extorting money by taking and threatening the publishing of other people's data."
Home Affairs investigating as governments potentially affected
The hack of HWL Ebsworth represents a significant headache for the firm and its clients, which have previously included ANZ, the South Australian, Queensland and ACT governments, the Environment and Human Services Department and the Australian Taxation Office (ATO).
The ABC is not suggesting that these clients have been directly affected by the hack.
However the federal government has confirmed it was a client of the law firm and may have been caught up in the breach.
The Home Affairs department revealed on Friday it set up three "working groups" to respond to the hack.
A spokeswoman said a specialist legal team has already had 10 meetings to discuss the incident and its "potential impact on the government as a user of HWL Ebsworth's legal services".
"A Sensitive Information Working Group may be convened to discuss the management of any information exposed in the breach which may be related to vulnerable people, national security and law enforcement matters," she said.
The spokeswoman also said that another team, dedicated to identity security, may be started to manage any issues around identifiable information and credentials of those affected.
The Tasmanian government also confirmed it might be affected by the breach, just months after a separate hack compromised names, addresses and bank statements of Tasmanians.
In a statement, Tasmania's Minister for Science and Technology Madeleine Ogilvie said investigations were underway to ascertain if any information had been compromised in the "illegal release of data held by national law firm HWL Ebsworth onto the dark web".
"This is concerning and we are working closely with the Australian government to establish if any Tasmanian information has been impacted," she said.
"While this may take some time considering the volume of data involved — we are taking swift action and will keep the Tasmanian community informed with further developments."
Ms Ogilvie said the "federal government contacted the state government this morning about the release of data" from the hack.
She told a budget estimates hearing on Thursday that the departments of Justice, State Growth, and Police, Fire and Emergency Management had dealings with the law firm.
In April, the Tasmanian government confirmed names, addresses and bank statements of Tasmanian parents and students had been released online in a data breach involving at least 16,000 documents.
The documents were released by hackers as part of a cyber attack on a third-party transfer software used by the Tasmanian Department of Education, Children and Young People.
Hack comes amid rise in ransomware attacks
The hackers reportedly issued the threat to publish the data earlier this week, according to the Australian Financial Review.
HWL Ebsworth said it was communicating with its clients.
"We continue to work with the Australian Cyber Security Centre, the Office of the Australian Information Commissioner and all relevant government authorities and law enforcement," a spokesman said.
"The privacy and security of our client and employee data remains of the utmost importance."
The incident has prompted agencies like the ATO to warn taxpayers to be alert to scams which refer to HWL Ebsworth.
There has been a dramatic increase in the number of ransomware attacks on Australian businesses.
The Australian Cyber Security Centre has found that there was about a 75 per cent increase in incidents since 2019-20.
Loading...