Another ransomware attack, this time on the Victorian Court system
January 2, 2024
The ABC reports today, in “Russian hackers believed to be behind cyber attack on Victoria’s court system”, that the Victorian Court system was subject to a ransomware attack on 21 December 2023. The Guardian reports on it here. While someone from Court Services made a comment, with the usual (1) detected the breach, (2) secured it, (4) working on it and (5) will notify people where appropriate, and the tried and true (6) security is our highest priority, there has been no statement on its homepage. At least not yet. Based on the story, it is an extortion attempt by a Russian hacking group.
As the story notes, there must have been a deficiency in the security system or privacy training. Ransomware programs don’t just appear on systems. They are commonly delivered through email or acquired authorisations. If it was because someone opened an attachment or clicked on a hyperlink in an unfamiliar email, that bespeaks poor privacy training.
This is not the first attack on the Court system. In 2020 a former registrar hacked the system to create a false intervention order. The registrar was jailed for fraud.
Courts Victoria falls under the regulation of the Victorian Information Commissioner. The powers of that office are very limited, even more constrained than those of the Commonwealth’s Australian Information Commissioner.
The ABC story provides:
Victoria’s court system has been hit by a ransomware attack, which an independent expert believes was orchestrated by Russian hackers.
A spokesperson for Court Services Victoria (CSV) said hackers accessed an area of the court system’s audio-visual archive. That would mean recordings of hearings including witness testimony from highly sensitive cases may have been accessed or stolen.
CSV is now trying to notify people whose court appearances have been accessed by hackers, and will today set up a contact centre for people who believe they may have been affected.
The recordings were from hearings between November 1 and December 21, but it’s possible some hearings before November have also been affected.
The attack was discovered on December 21 in the lead-up to the Christmas break, when staff were locked out of their computers and messages appeared on screens reading “YOU HAVE BEEN PWND”.
The message directed court staff to a text file, in which hackers threatened to publish files stolen from the court system, and directed them to an address on the dark web for instructions on how to recover the files.
Attack likely work of Russian hackers, expert says
Independent cyber security expert Robert Potter, who has seen evidence of the attack, said the court system had almost certainly been hit by a Russian phishing attack, using commercial ransomware known as Qilin.
“It’s a double extortion approach,” he said.
“They take the data out, and then encrypt it. If you don’t pay, they leak your data, and you will never access it.”
The Court Services Victoria spokesperson said CSV “…took immediate action to isolate and disable the affected network and to put in place arrangements to ensure continued operations across the courts. As a result, hearings in January will be proceeding.”
“Maintaining security for court users is our highest priority. Our current efforts are focused on ensuring our systems are safe.”
This week, the ABC revealed probiotic company Yakult Australia had been hit by a significant cyber attack that saw its company records and sensitive employee documents, such as passports, published on the dark web.
Other major companies and institutions such as Optus and Medibank have also suffered high-profile attacks, with the St Vincent’s Health network also targeted in the lead-up to Christmas.
“Australia is a rich target because we are a modern, first world country with a bunch of money,” cyber security consultant Troy Hunt said.
“Inevitably, there are security deficiencies that have allowed this to happen.
“Companies can’t fix it on their own, and police are unable to help.”
Court Services will not pay a ransom, so the question will then be whether the hackers release the video and audio recordings. It is likely that many of the recordings will be of hearings heard in open court and much of the content will not involve sensitive material; things such as procedural discussions, submissions on uncontroversial matters and expert evidence. It is recordings of evidence subject to a suppression order or involving personally sensitive material that will be of greatest concern.