HWL Ebsworth, an Australian commercial law company, has fallen victim to a Russian-sponsored ransomware attack. The ransomware operators claimed they acquired client data and employee information during the incident.
The stolen information allegedly contained four terabytes of data, including financial reports, accounting details, credit card info, client documents, and IDs.
The Blackcat ransomware group posted HWL Ebsworth as their new victim on their leak website.
Researchers observed that the notorious Blackcat ransomware gang posted on its data leak website a 4-terabyte dataset allegedly owned by HWL Ebsworth. The leaked data included employee CVs, accounting data, financial reports, credit card information IDs, and a complete network map.
Blackcat, or ALPHV, is one of the ransomware groups that heavily targets Australia in the past months. The group runs as a ransomware-as-a-service (RaaS) and has consistently targeted large, high-end organisations.
In addition, the group has previously infiltrated and compromised a similar data set from a real estate company called LJ Hooker last year. A separate researcher stated that the threat actors have entered the company’s network by leveraging a known vulnerability in an outdated or unpatched firewall or virtual network devices.
Legal firms have been one of the most targeted industries by ransomware actors. The Asia-Pacific and Australian region have also experienced numerous law firm-ransomware attacks for the past year.
These cyberattacks have urged the Australian and federal governments to increase the efficiency of national security by mandating organisations to strengthen their defences. The new law included more resources for the Australian federal police and appointed a national cybersecurity panel.
Australia’s home affairs and cybersecurity minister stated that the Australian government have been battling threat actors that seek financial gain. Australia has considered these attacks as the number one threat against their companies.
The efficiency of these malicious attacks came from groups that exploit legitimate business models to earn revenue. These actors also generate online portals where anyone can buy tools and support to execute cybercriminal attacks. Therefore, the threat actors represent a significant threat to Australia’s national economic status since every infected company could provide their demands.
