Russian-linked hackers taunt HWL Ebsworth over data breach, claim to have published documents to dark web
Russian-linked cybercriminals claim to have published troves of sensitive data after one of Australia’s largest law firms vowed not to bend to their ransom demands.
Late last night the AlphV ransomware gang, also known as BlackCat, said it had published 1.45 terabytes of data on the dark web that it allegedly stole from HWL Ebsworth in late April, with the message: “ENJOY!!!”
It is unclear what data was published but AlphV has previously claimed to be in possession of internal company data including financial and insurance data, credit card information, agreements and reports.
If the group’s claims are accurate, it means hackers are still holding onto 2.55 terabytes of unpublished data.
AlphV’s claim was first picked up by threat analyst @CyberKnow20 on Twitter.
A spokesman for HWL Ebsworth said the firm was investigating the claim.
“We have learnt that the cyber criminals who accessed our systems have now claimed to have published around one-third of the total data they say has been exfiltrated from our firm,” he said.
“We are investigating this claim and are seeking to identify what data may have been published.
“HWL Ebsworth will not submit to the ransom demand.
“We take our ethical and moral duties to the community very seriously, and we consider we have a fundamental civic duty to not, in any way, encourage or be seen to condone the criminal activity of extorting money by taking and threatening the publishing of other people’s data.”
State government possibly caught up in attack
The hack of HWL Ebsworth represents a significant headache for the firm and its clients, which have previously included ANZ, the South Australian, Queensland and ACT governments, the Environment and Human Services Department and the Australian Taxation Office (ATO).
The ABC is not suggesting that these clients have been directly affected by the hack.
However the Tasmanian government has said it may have been caught up in the breach, just months after a separate hack compromised names, addresses and bank statements of Tasmanians.
In a statement released today, Tasmania’s Minister for Science and Technology Madeleine Ogilvie said investigations were underway to ascertain if any information had been compromised in the “illegal release of data held by national law firm HWL Ebsworth onto the dark web”.
“This is concerning and we are working closely with the Australian government to establish if any Tasmanian information has been impacted,” she said.
“While this may take some time considering the volume of data involved — we are taking swift action and will keep the Tasmanian community informed with further developments.”
Ms Ogilvie said the “federal government contacted the state government this morning about the release of data” from the hack.
In April, the Tasmanian government confirmed names, addresses and bank statements of Tasmanian parents and students had been released online in a data breach involving at least 16,000 documents.
The documents were released by hackers as part of a cyber attack on a third-party transfer software used by the Tasmanian Department of Education, Children and Young People.
Hack comes amid rise in ransomware attacks
The hackers reportedly issued the threat to publish the data earlier this week, according to the Australian Financial Review.
HWL Ebsworth said it was is communicating with its clients.
“We continue to work with the Australian Cyber Security Centre, the Office of the Australian Information Commissioner and all relevant government authorities and law enforcement,” a spokesman said.
“The privacy and security of our client and employee data remains of the utmost importance.”
The incident has prompted agencies like the ATO to warn taxpayers to be alert to scams which refer to HWL Ebsworth.
The Department of Home Affairs is leading the federal government’s response to the breach and said it has been investigating the extent of the hack, and whether it potentially affects commonwealth data.
There has been a dramatic increase in the number of ransomware attacks on Australian businesses.
The Australian Cyber Security Centre has found that there was about a 75 per cent increase in incidents since 2019-20.