The Russian-linked cybercriminals responsible for the recent attack on national law firm HWL Ebsworth claim to have leaked troves of sensitive information to the dark web, potentially including data belonging to the Tasmanian Government.
On 8 June, the AlphV ransomware gang, also known as Blackcat, said it released 1.45 of the four terabytes of data it allegedly stole from the firm in early May this year.
It’s unclear exactly what information has been leaked, but it’s understood the hack acquired company data including client documents, financial reports, accounting data, credit card information and employee CVs and IDs.
The Tasmania Government is one of the firm’s clients, along with all levels of government, and other major institutions. This is also the second time this year the Tasmanian Government has faced a serious data breach, with data belonging to the Department of Education, Children and Young People compromised by a third-party file transfer service.
Minister for Science and Technology Madeleine Ogilvie said Australian Government authorities are taking a “nationally coordinated approach” to investigate the potentially far-reaching impacts of the Blackcat incident.
“This is concerning, and we are working closely with the Australian Government to establish if any Tasmanian information has been impacted,” she said.
“While this may take some time considering the volume of data involved, we are taking swift action and will keep the Tasmanian community informed with further developments.”
The leak was also picked up by an analyst page on Twitter called CyberKnow Situational Awareness, and shared with the cyber community.
A spokesman for HWL Ebsworth told the ABC that the firm would not submit to any random demand from the group.
“We have learnt that the cyber criminals who accessed our systems have now claimed to have published around one-third of the total data they say has been exfiltrated from our firm,” the spokesperson told the ABC.
“We are investigating this claim and are seeking to identify what data may have been published.
“We take our ethical and moral duties to the community very seriously, and we consider we have a fundamental civic duty to not, in any way, encourage or be seen to condone the criminal activity of extorting money by taking and threatening the publishing of other people’s data.”
Blackcat is one of the three ransomware groups targeting Australia, operating as a “ransomware-as-a-service” product for hire. It has been actively attacking large organisations in Australia since late 2021.