Aussie companies hostage to ransomware thrown lifeline

The Federal Bureau of Investigation (FBI) decryption tool could restore systems to 56 businesses and government agencies around the country that were targeted by BlackCat ransomware over the past year, Australian Federal Police (AFP) said.

BlackCat ransomware, also known as ALPHV or Noberus, was allegedly responsible for a cyber attack on the commercial law firm HWL Ebsworth that released client and employee data on the dark web in April.

"The unlawful activity by BlackCat had a severe impact on Australian businesses, many of which remain without access to some key systems," AFP assistant commissioner Scott Lee said.

"The FBI developed a decryption tool that allowed law enforcement partners around the world to offer more than 400 affected victims the capability to restore their systems," he said.

BlackCat ransomware finds and attacks businesses and institutions that are considered "high-value" to steal sensitive data and encrypt files to prevent the victims from viewing important documents.

Users then demand a payment to decrypt the victim's system with the threat of publishing stolen data.

"This ransomware group first came to law enforcement attention in 2021 and has had a significant impact on the Australian community and on entities around the world," assistant commissioner Lee said.

"If a victim pays a ransom, the BlackCat developers and affiliates share the funds," AFP said.

"If victims refuse the extortion attempts, the criminals commonly retaliate by publishing stolen data to a leak website where anyone can download it and use it for further crimes."

Critical infrastructure networks, universities, court systems and major companies have been targeted by BlackCat around the world, AFP said.

Ransom payments, destruction or theft of proprietary data are among the expenses that contributed to "hundreds of millions of dollars" lost through the ransomware internationally.

Assistant commissioner Lee said the Australian economy lost $3 billion each year from ransomware attacks with a cybercrime reported every six minutes.

"The Australian Government advises against paying ransoms," he said.

"We urge anyone who has been the target of a BlackCat ransomware attack or any other ransomware breach and has not yet reported it, to report to police.

"If we are alerted to an incident in its earliest moments, we have our best shot at gathering the evidence we need to identify those responsible for the attack, disrupt their activities and bring them to justice," he said.

Anyone in Australia who believes they are the victim of a cybercrime should immediately contact ReportCyber at report.cyber.gov.au. If there is an imminent threat to safety, call Triple Zero.

The Australian cyber Security Centre also has a range of practical guides to help organisations protect themselves against ransomware attacks.