ASX-listed company hit by ransomware

Shriro Holdings, an ASX-listed distributor of white goods and consumer electronics, has confirmed it suffered a cyber security incident disrupting its operations.

In a letter to shareholders published on Friday, Shriro said the bad actors had gained “unauthorised access to its operating systems”.

“The company has engaged a leading cyber forensics firm to conduct an investigation and this investigation is ongoing,” it said.

“Shriro has also commenced a comprehensive internal investigation to review its systems and processes.

“There is a possibility that data on our systems has been accessed and the company is continuing to ascertain the extent to which data has been accessed.”

Information Age understands the incident was a ransomware attack.

Shriro is the Australian distributor for brands like Omega Altise, Robinhood, Casio, and Pioneer.

It has a market capitalisation of around $102 million on the ASX.

The fallout from the incident has meant calls to Shriro’s head office in Sydney’s North Shore are met with a machine message saying it is “currently experiencing some technical issues” due to a “systems upgrade over the weekend”.

The company has not yet responded to Information Age’s request for comment.

Cyber security issues like ransomware continue to plague Australian organisations, causing major disruptions for hospitals, meat processors, logistics firms, phone retailers, and media companies – not to mention incidents that aren’t publicly reported.

This month, a mass ransomware event caused by a supply chain attack on US-based software company Kaseya led to more than 1,500 organisations worldwide being hit by the REvil group.

While some have found ways to combat potentially weeks- or months-long ransomware outages through backup strategies, the seemingly endless stream of ransomware has finally caught the government’s attention.

Last week, it said it was considering new ways to encourage stronger cyber security standards for Australian businesses, such as potentially holding company directors responsible for cyber attacks.

And Labor has proposed legislation seeking to promote more transparency and accountability for cyber attacks by requiring organisations to register ransomware payments with the Australian Cyber Security Centre.

In a 2020 survey, US security firm Crowdstrike estimated one-third of Australian organisations hit by ransomware paid their attackers.