The NSW branch of the Labor Party appears to have suffered a Windows ransomware attack, with the Avaddon strain having been used to attack the party's network. Contacted for comment, a party spokesperson told iTWire: "The matters raised are of serious concerns. We have referred the matter to police and we are conducting a full investigation."
This is the second attack by this gang on an Australian entity over the last few days, with the website of the Telstra dealer, Schepisi Communications, having been taken offline after it was hit. On its site on the dark web, the group said NSW Labor had about 10 days left to make contact and "co-operate with us". Else, it said, data that had been stolen would be leaked.
It claimed data about contracts, confidential information and contracts, drivers' licence details, passports, employment contracts, and resumes had been stolen.
The Avaddon gang also threatened to hit the party's website with a distributed denial-of-service attack and claimed that any data that had been encrypted would not be able to be decrypted using any external tool. Photocopies of an Australian passport, a driver's licence and a number of other documents have been posted online.
Avaddon has not been used in many attacks as other strains of Windows ransomware. Prior to the attack on the Telstra dealer, only two other hits were reported by iTWire: one on an aircraft leasing asset manager and the other on a small businessman in Columbus, Ohio. The security firm Emsisoft, which specialises in tackling ransomware, said in its latest report on the cost of ransomware in 2020 that there had been 2775 attacks on Australian organisations, based on submissions made to the ransomware identification service, ID Ransomware. But this was believed to be only a quarter of the actual number, Emsisoft added.
Chief executive of sec outfit VeroGuard Systems, said:
“Any organisation that holds valuable personal or business data on their servers is a target for cyber attacks. Unfortunately for political parties like NSW Labor, these factors are exponentially increased due to the sensitive nature of the data they hold, and the publicity and disruption hackers can generate from these attacks. "What this attack shows is that no organisation is immune to attack. In fact, the frequency and likelihood of these attacks, which recently includes schools and hospitals, has been further exacerbated by the current trend to move everything to the cloud, providing cyber criminals with greater attack options.
"Protecting access to our systems The most important requirement for safeguarding cyber infrastructure is to positively assure the authentication of a user requesting access to the cyber infrastructure and services. All privacy safeguards in place are useless if a hostile intrusion can be disguised as coming from an assumed trusted source.”
Sam Varghese - 7 May 2021