Russian Hackers Strike Australian Companies in 'BlackCat' Cyber Attacks

Several Australian companies have been hit by a ransomware attack, which is reportedly linked to Russian hackers who call themselves “AlphV”, also known as “BlackCat”. The attack, which targeted the firm's IT systems, resulted in the encryption of its data, rendering it inaccessible. The hackers behind the attack have allegedly demanded a ransom of an unknown amount in return for the stolen data of at least 4.95 terabytes.

Known Affected Companies Targeted by BlackCat:

• TissuPath, a pathology company

• Strata Plan, an owner-corporation service provider

• Barry Plant Blackburn, a real estate agency

• Tisher Liner FC Law, a business and property law firm

AlphV and the representatives of the targeted companies have been contacting each other privately to settle the dispute and the unknown ransom. As of now, it is clear the Australian companies will not budge for the Russian hackers.

"Due to your representatives' refusal to negotiate, we are launching a campaign involving email distribution and calls to your clients," the hackers said in a post on their dedicated leak site. "Your clients will be offered the option to pay a fee for the removal of their data from the public leak. You still have a chance to prevent a catastrophe.”

What Data Has Been Stolen?

The data stolen is still under investigation and full details regarding what may be contained in the missing data have not been made public. However, TissuPath, one of the companies affected, said patient names, dates of birth, contact details, Medicare numbers, and private health insurance details have been exposed.

A spokesman of TissuPath said "....we can confirm that we are investigating a data breach at a third-party IT supplier involving pathology referrals issued to TissuPath between 2011 and 2020. Importantly, TissuPath's main database and reporting system that stores patient diagnoses was not compromised. Further, we do not store patient financial details and other personal information documents, such as driver's license numbers. We are very sorry this has happened, and we sincerely apologise to our patients who may have been affected."

Lisa Pennell, who is the chief executive of Barry Plant, stated that the hackers are claiming to have stolen 3 terabytes of unknown data from Barry Plant. "We have become aware that a third-party supplier to a small part of the property management business of one of our [franchise] offices has had a cyber incident," Ms Pennell said. "This supplier is [an] IT-managed service provider and not owned or related directly to the Barry Plant Group more broadly other than providing their service to this specific local office in Blackburn. We are supporting our franchisee and have engaged market-leading experts to help us assess the situation."

The cybercriminals have also claimed to have breached and stolen 1.3 terabytes of data information belonging to Strata Plan but Simon Chamaa, director of Strata Plan, disputed the claim. "Rest assured, that Strata Plan's data remains secure. Thanks to our precautionary measures already in place, we have not experienced any impact on our systems. Strata Plan is actively investigating the matter with the assistance of cybersecurity experts, and we are dedicated to addressing this matter swiftly and effectively.

Why Target only Australian Companies?

The Australian companies affected by the cyber attack had one thing in common, they were all clients of ‘Core Desktop’, a company based in South Melbourne that was hired to provide IT services.

The ABC has obtained a letter that Core Desktop sent to its clients, revealing the company has been aware of the hack since the 22nd of August.

"Our cyber forensic team do not have a firm understanding of the origins of the entry but initial suggestions are that it was from a targeted client-side phishing attack which infiltrated our control systems, impersonated privileged accounts, and encrypted some servers," the letter said. "They appear to have acted in a focused fashion and threatened a small number of Core Desktop clients."

Core Desktop has since regained control of its systems after shutting down access to all affected accounts, resetting login details for administrators, resetting client passwords, and hiring cybersecurity specialists.

Remain Aware, Remain Vigilant

Ransomware attacks have become more prevalent in recent years, with cybercriminals using increasingly sophisticated methods to infiltrate the IT systems of businesses and organisations. 

The fact that the attack is linked to Russian hackers raises concerns about the motives behind the attack and the potential for further cyber threats against Australian businesses and organisations. The Australian government has previously issued warnings about the activities of state-sponsored hackers, urging businesses to take steps to protect their IT systems and data.

The rise in ransomware attacks highlights the need for businesses to be vigilant and proactive in their approach to cybersecurity. This includes ensuring that staff are trained to identify and report suspicious emails, implementing multi-factor authentication to prevent unauthorised access to IT systems, and regularly backing up data to protect against the loss of information in the event of an attack.

Your Security is our Priority

Your friendly Support Team

Speak to us about all your computer needs

This is Part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness and key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.