Terabytes of stolen data are being held hostage by Russian ransomware gang AlphV after it launched a string of attacks against Victorian businesses.
The cyber criminal group AlphV, also known as BlackCat, has claimed responsibility for several attacks against Victorian companies, including pathology company TissuPath, real estate agency Barry Plant, law firm Tisher Liner FC Law, and owners corporation service provider Strata Plan.
In a series of dark web posts, the group claims to have stolen an alleged 4.95 terabytes of data – nearly 1 terabyte more than what it claimed during AlphV’s hack against law firm HWL Ebsworth in April.
According to the listing for Barry Plant on AlphV’s dark web blog, the company has refused to negotiate with the ransom gang – leading the cyber criminals to allegedly “release the entire dataset”.
“In light of the refusal by representatives of Barry Plant company to engage in negotiations, we have decided to release the entire dataset,” read the dark web blog post.
The group claimed to have leaked email content, non-disclosure agreements, property applications, criminal records, passports and IDs of Barry Plant's clients and employees.
Barry Plant’s share of the allegedly stolen data is the largest, totalling a purported 3.2 terabytes – though the company’s Chief Executive, Lisa Pennell, stressed the attack was isolated to its Blackburn office and did not breach the rest of the company’s systems.
TissuPath and Strata Plan have also suffered purported leaks – totalling 446 gigabytes and 1.43 terabytes respectively – with AlphV claiming to have leaked medical records of TissuPath clients.
“446 GB and 735,414 files has been exfiltrated,” read the dark web post for TissuPath.
“We've download all the data you have. Data dump contains Medical Records of your clients,” it added.
TissuPath expressly confirmed a range of patient data had been exposed during the incident, including names, dates of birth, contact details, Medicare numbers, and private health insurance details.
“We can confirm that we are investigating a data breach at a third-party IT supplier involving pathology referrals issued to TissuPath between 2011 and 2020,” said TissuPath.
“Importantly, TissuPath’s main database and reporting system that stores patient diagnoses was not compromised. Further, we do not store patient financial details and other personal information documents, such as drivers licence numbers.
“We are very sorry this has happened, and we sincerely apologise to our patients who may have been affected.”
Meanwhile, the ABC reports that the director of Strata Plan, Simon Chamaa, has disputed the ransom gang’s claims of data theft, stating the company’s data “remains secure”.
“Rest assured, that Strata Plan's data remains secure,” said Chamaa.
“Thanks to our precautionary measures already in place, we have not experienced any impact on our systems.
“Strata Plan is actively investigating the matter with the assistance of cyber security experts, and we are dedicated to addressing this matter swiftly and effectively.”
Meanwhile, Tisher Liner FC Law is still working to validate AlphV’s claims amid an ongoing investigation.
Attacks stem from Melbourne IT firm
AlphV’s announcements followed a cyber attack at third-party IT service-provider Core Desktop – a Melbourne-based company which serviced TissuPath, Strata Plan and Barry Plant Blackburn.
According to the ABC, the company notified its clients that it first became aware of the hack on 22 August, with suspicions the attackers gained entry to its system via phishing.
“Our cyber forensic team do not have a firm understanding of the origins of the entry but initial suggestions are that it was from a targeted client-side phishing attack which infiltrated our control systems, impersonated privileged accounts and encrypted some servers,” read a letter to clients.
According to managing director at Core Desktop, Rodney Bloom, the company was “not really aware” of what information had been compromised.
“It’s not our data so we don’t know,” said Bloom.
After hiring forensic cyber security specialists, the company has regained control of its systems and further reported the data breach to the Office of the Australian Information Commissioner and the Australian Cyber Security Centre.
Differing outcomes suggest differing security
Andrew Wilson, CEO of Australian encryption company Senetas, suggested the responses from the businesses targeted by AlphV pointed to differing security implementations.
“This attack has had one common factor, but strikingly disparate outcomes,” said Wilson.
“On the one hand we have TissuPath in the position of reporting compromised highly-sensitive personal data.
“On the other, Strata Plan's confident response that its customers can 'rest assured' that their data is secure.
“From this we can infer one big insight – Strata Plan likely strongly encrypted its data beforehand, and TissuPath did not.”
Wilson further lamented that Australian citizens’ personal data is once again being held to ransom “not because of a sophisticated attack” but due to “simple mistakes” like falling for a phishing email.
“We desperately need tougher legislation that will mandate that all personal data is encrypted both at rest and in motion as a last line of defence,” said Wilson.
“We also as a nation need to have assurances that once data is captured by a private business, that the data has an expiry date.”