Impact of HWL Ebsworth’s Crypto-Ransomware Attack on Australia’s NDIS
Australia’s National Disability Insurance System (NDIS) is on high alert following a high-profile ransomware attack on law firm HWL Ebsworth, in which sensitive client information may have been stolen and posted on the dark web.
The Russian ransomware group ALPHV/Blackcat is responsible
Sensitive client information is at risk after a massive cyberattack on law firm HWL Ebsworth, with the National Disability Insurance Agency (NDIS) raising concerns. The hack was reportedly carried out by the ALPHV/Blackcat ransomware group, and the criminals posted some of the stolen data on the dark web.
According to sources close to the matter, of the 3.6 terabytes (TB) of compromised data, about 1.1 TB was released on the dark web. HWL Ebsworth has obtained a court order to prevent further release of the leaked material, as clients, including the NDIS agency, wait to find out if personal information has been disclosed.
The NDIS says it is actively engaged with HWL Ebsworth to assess the impact of the ransomware attack on the agency’s sensitive information. Sources say that an individual involved in a case against a government agency has already found his personal information among the leaked data.
The impact of the ransomware attack extends beyond HWL Ebsworth clients, as the Office of the Australian Information Commissioner (OAIC) has also confirmed it has been affected. Some of the OAIC files were included in the stolen data released on the dark web, and the regulator has hinted it will investigate how HWL Ebsworth handles and protects private information.
Cybersecurity experts have emphasized the global reach of the ALPHV/Blackcat ransomware group, which targets various industries around the world. The law firm initially dismissed the ransomware threats, but subsequent events confirmed the legitimacy of the allegations, leading to growing concerns about data security.
Threat of crypto-ransomware attacks
Ransomware attacks continue to be a major threat to organizations globally.
Last March, reports emerged that law enforcement agents in the US, Germany and Europol had joined forces to take down ChipMixer, a platform commonly used by dark web criminals and ransomware hackers to launder their illegitimate cryptocurrency.
At that time, the authorities had successfully seized four ChipMixer servers, about 7 terabytes of data, and received 1,909.4 BTC through 55 transactions, worth about $46 million.
In January, the US Department of Justice arrested the notorious Hive cryptocurrency ransomware gang, recovering more than 1,300 decryption keys stolen from victims since July 2022.
Although ransomware attacks continue, recent research from Chainalysis, a leading blockchain analytics company, suggests that these criminals may be losing control, with revenues from crypto-ransomware attacks declining by 40% in 2022.