In a significant development, several major Australian banks find themselves entangled in a large-scale ransomware attack targeting the law firm HWL Ebsworth. Westpac, NAB, Commonwealth Bank, and ANZ are among the public and private sector entities that may have fallen victim to data theft.
In April, the BlackCat ransomware gang, also known as ALPHV, successfully infiltrated HWL’s Melbourne servers, making off with a staggering four terabytes of data. The stolen information includes local and remote company credentials, credit card details, loan data, customer documentation (including identification particulars), insurance agreements, and internal company data.
HWL Ebsworth, in a statement, clarified that the compromised data pertained to a confined section of their system and not their core document management system. The law firm sought an injunction from the NSW Supreme Court last week, restraining the Russian hacking group, BlackCat, from publishing further data exposing the affairs of numerous client entities. However, HWL Ebsworth has thus far refused to pay the reported AUD5 million ransom demand, resulting in the hackers posting some of the pilfered data online.
Professor Monica Whitty, an expert in cybersecurity at Monash University, emphasizes the need for greater transparency surrounding the breach and how the hackers managed to obtain such a vast amount of information. She stresses the importance of ensuring affected clients and the general public are informed about the breach and provided with guidance on protecting themselves. Additionally, Whitty highlights the urgent need for organizations to enhance their cybersecurity measures and strengthen both technical and human defenses.
The major banks involved have acknowledged their status as HWL Ebsworth clients but have divulged limited information regarding their exposure in the attack. They assert that their own servers remain uncompromised, as the data at risk pertains to information provided to and retained by the law firm. Only NAB has confirmed that some of its data was among the 1.4 terabytes released by the hackers after HWL Ebsworth rejected their demands.
ANZ, in a statement, acknowledges its affiliation with HWL Ebsworth for certain legal matters and pledges to collaborate with the law firm and other stakeholders to assess and address the potential exposure. The bank intends to directly contact affected employees and customers, ensuring they receive appropriate notification and support.
The repercussions of this cyber attack extend beyond the banking sector, drawing attention from boardrooms and agency heads nationwide. Numerous ASX-listed companies and government agencies, including the ACCC, the Department of Human Services, the OAIC, and the Australian Federal Police, have also suffered data losses. Responding to incidents like the HWL Ebsworth attack, the Australian Government is set to appoint Air Vice-Marshal Darren Goldie as the first cybersecurity coordinator on June 23. Goldie’s role will focus on swift responses to cyber hacks and threats.
While the HWL Ebsworth cyber attack garners significant attention, other local entities, such as PwC Australia, have recently confirmed data breaches in the May MOVEit hack. The Cl0p ransomware gang has escalated the situation by publicly profiling organizations with compromised data, attempting to extort payments from them.
The incidents highlight the pressing need for organizations across Australia to prioritize and strengthen their cybersecurity measures, effectively mitigating the risks posed by sophisticated ransomware attacks. It is imperative for businesses and government agencies alike to invest in robust defenses to safeguard sensitive data, protect clients, and maintain public trust in an increasingly digital landscape.