Australia’s National Disability Insurance Scheme (NDIS) is on high alert following a high-profile ransomware attack on law firm HWL Ebsworth, where sensitive client information may have been compromised and released on the dark web.
Russian ransomware group ALPHV/Blackcat responsible
Sensitive client information is at risk following a massive cyberattack on the law firm HWL Ebsworth, with the National Disability Insurance Scheme (NDIS) agency expressing concerns. The hack was reportedly carried out by ALPHV/Blackcat ransomware group, and the criminals have posted some of the stolen data on the dark web.
Per sources close to the matter, of the 3.6 terabytes (TB) of compromised data, about 1.1 TB has been released on the dark web. HWL Ebsworth obtained a court order to prevent further release of the leaked material, as clients, including the NDIS agency, wait to learn if personal information has been exposed.
The NDIS says it’s actively engaging with HWL Ebsworth to assess the impact of the ransomware attack on the agency’s sensitive information. Sources say that one individual involved in a case against a government agency has already found their personal information among the leaked data.
The ransomware attack extends beyond HWL Ebsworth’s clients, as the Office of the Australian Information Commissioner (OAIC) has also confirmed it was affected. Certain OAIC files were included in the compromised data released on the dark web, and the regulator has hinted that it will investigate how HWL Ebsworth handled and protected private information.
Cybersecurity experts have emphasized the global reach of the ALPHV/Blackcat ransomware group, which targets various industries worldwide. The law firm initially dismissed the ransomware threats, but subsequent events confirmed the legitimacy of the claims, leading to heightened concerns about data security.
Menacing crypto-ransomware attacks
Crypto-powered ransomware attacks remain a huge threat to organizations globally.
Last March, reports emerged that law enforcement agents from the U.S., Germany, and Europol had joined forces to take down ChipMixer, a platform commonly used by darknet criminals and ransomware hackers to launder their ill-gotten cryptocurrencies.
At the time, the authorities successfully seized four ChipMixer servers, about 7 TB of data, and 1909.4 BTC received through 55 transactions, worth approximately $46 million.
In January, the United States Department of Justice (DOJ) apprehended the notorious Hive cryptocurrency ransomware gang, recovering over 1300 decryption keys that had been stolen from victims since July 2022.
Although ransomware attacks persist, recent research findings by Chainalysis, a leading blockchain analytics company, indicate that these criminals may be losing their hold, as revenue from crypto-ransomware attacks declined by 40% in 2022.