Australian Defence Department has been hit by an attack from a piece of malware that has encrypted files and demanded payment in return for the keys to unlock them, as part of what appears to be an ongoing campaign against government agencies worldwide, according to news reports. The ransomware — which in this case was WannaCry — locks access to computer systems and demands ransoms of around $500 worth of Bitcoin (about $5,500) be sent to specific accounts in order to restore the systems’ functionality.
What is ransomware?
Ransomware is malicious software that is installed onto a computer and restricts access to the data until a ransom payment is made. The software encrypts the victim’s data files, making them inaccessible, and demands money from the victim to decrypt the files. Once paid, the attacker provides the decryption key needed to unlock the victim’s files and return them to normal. This can be done through different methods of payment ranging from Bitcoin, bank transfer, Ukash, or MoneyPak card.
The Australian Defence Agency was hacked by an unknown person. Who demanded $18 million worth of bitcoin as ransom for not leaking classified information they had stolen from systems operated by the agency. The hacker has since uploaded at least one document on social media that appears to have originated with the Australian Defense Department. It contains hundreds of names, email addresses, phone numbers, and passwords.
How did the attack happen?
In what could be the most costly cyberattack against an Australian government entity. The Australian Signals Directorate (ASD) has confirmed that the defense department was compromised by a virus that encrypted data on its systems. ASD believes it was a targeted attack and not the result of a general malware infection. In this case, it appears the attackers may have made off with sensitive information. The incident is currently under investigation. In the meantime, all non-critical networks remain open while critical networks will continue to operate at restricted levels. According to defense spokesperson Wing Commander John Pointing: We are working as fast as we can to resolve the issue.
What was impacted?
The Australian Defence Department has confirmed it is the victim of a ransomware attack after employees experienced intermittent connection issues on Monday.
The department continues to assess the extent of the impact and who may be responsible for this malicious activity. An Australian Defence Board spokesman said, adding that it was too early to say whether any data had been compromised.
The department, which is responsible for protecting Australia’s borders and military personnel, oversees one of the most advanced defense forces in the world. The headquarters are located at Russell Offices in Canberra and Woden Valley, Canberra. It also has offices in Adelaide and Sydney.
How can you protect yourself from ransomware?
You can protect yourself from ransomware by backing up your data. A backup will ensure you have the option to recover lost or corrupted files that may be encrypted by the ransomware. You should also back up your data on a regular basis, ideally once a week. This way, if an attack occurs and your files are encrypted. You’ll have an older backup to restore them from. Many people now use external hard drives for this purpose. As they’re easy to store away when not in use and are relatively inexpensive. The best way to protect yourself from ransomware is to make sure that you’re backing up all of your data. On a regular basis so that if it’s ever compromised, you’ll be able to recover it with minimal issues.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.