Australian Defence Department Impacted In Ransomware Attack

By ISBuzz Team, Writer, Information Security Buzz | Oct 31, 2022 10:15 am PST

The Australian Defence Department has been hit by an attack from a piece of malware that has encrypted files and demanded payment in return for the keys to unlock them, as part of what appears to be an ongoing campaign against government agencies worldwide, according to news reports. The ransomware — which in this case was WannaCry — locks access to computer systems and demands that ransoms of around $500 worth of Bitcoin (about $5,500) be sent to specific accounts in order to restore the systems’ functionality.


What is ransomware?

Ransomware is malicious software that is installed onto a computer and restricts access to the data until a ransom payment is made. The software encrypts the victim’s data files, making them inaccessible, and demands money from the victim to decrypt the files. Once paid, the attacker provides the decryption key needed to unlock the victim’s files and return them to normal. Payment can be demanded through various methods, including Bitcoin, bank transfer, Ukash, or a MoneyPak card.

The Australian Defence Agency was hacked by an unknown person, who demanded $18 million worth of bitcoin as ransom for not leaking classified information they had stolen from systems operated by the agency. The hacker has since uploaded at least one document on social media that appears to have originated with the Australian Defence Department. It contains hundreds of names, email addresses, phone numbers, and passwords.


How did the attack happen?

In what could be the most costly cyberattack against an Australian government entity, the Australian Signals Directorate (ASD) has confirmed that the defence department was compromised by a virus that encrypted data on its systems. ASD believes it was a targeted attack and not the result of a general malware infection. In this case, it appears the attackers may have made off with sensitive information. The incident is currently under investigation. In the meantime, all non-critical networks remain open, while critical networks will continue to operate at restricted levels. According to defence spokesperson Wing Commander John Pointing: “We are working as fast as we can to resolve the issue.”


What was impacted?

The Australian Defence Department has confirmed it is the victim of a ransomware attack after employees experienced intermittent connection issues on Monday.

“The department continues to assess the extent of the impact and who may be responsible for this malicious activity,” an Australian Defence Board spokesman said, adding that it was too early to say whether any data had been compromised.

The department, which is responsible for protecting Australia’s borders and military personnel, oversees one of the most advanced defense forces in the world. The headquarters are located at Russell Offices in Canberra and Woden Valley, Canberra. It also has offices in Adelaide and Sydney.


How can you protect yourself from ransomware?

You can protect yourself from ransomware by backing up your data. A backup ensures you have the option to recover lost or corrupted files that may be encrypted by the ransomware. You should also back up your data on a regular basis, ideally once a week. This way, if an attack occurs and your files are encrypted, you’ll have an older backup to restore them from. Many people now use external hard drives for this purpose, as they’re easy to store away when not in use and are relatively inexpensive. The best way to protect yourself from ransomware is to make sure that you’re backing up all of your data on a regular basis, so that if it’s ever compromised, you’ll be able to recover it with minimal issues.

2 Expert Comments
Sam Curry, Chief Security Officer
November 2, 2022 2:20 pm

It is reassuring to hear from the Australian government that its defences weren’t breached in this latest ransomware attack. Ransomware attacks on federal, state and local governments and critical infrastructure operators have increased in 2022 and that trend will continue into the new year. The bottom line is that the Australian government and any nation, for that matter, can’t pay its way out of ransomware. 2022 headlines speak for themselves as brazen ransomware gangs have attacked state and local governments in the UK, United States, Albania, Chile and Montenegro, to name a handful. Now is the time to prepare during peacetime, maintain good security hygiene and regularly update and patch operating systems and other software. And also evaluate locking down critical accounts when possible. The path attackers often take in propagating ransomware across a network is to escalate privileges to the admin domain-level and then deploy the ransomware.

Don’t pay the ransom unless it is a matter of life and death. Ransomware can be stopped and operations returned to normal. By stopping ransomware before files can be encrypted, the attackers will move onto softer targets.

To reduce their risk of ransomware, governments and public and private sector organisations should do the following:

– Practicing good security hygiene, like implementing a security awareness program for employees and assuring operating systems and other software are regularly updated and patched.

– Assuring key players can be reached at any time of day, as critical response actions could be delayed during the upcoming holiday season and more attacks occur during off hours and on weekends and holidays.

– Ensuring clear isolation practices are in place to stop any further ingress on the network or spreading of the ransomware to other devices. Teams should be proficient at things like disconnecting a host, locking down a compromised account, and blocking a malicious domain, etc. Evaluating these procedures with scheduled or unscheduled drills at least every quarter is recommended.

– Evaluating lock-down of critical accounts when possible. Teams should create highly secured, emergency-only accounts in Active Directory that are only used when other operational accounts are temporarily disabled as a precaution or inaccessible during a ransomware attack.

Julia O’Toole, Founder and CEO
October 31, 2022 6:16 pm

Another week, another breach. It seems like things are going from bad to worse down under.

It is not clear how this latest incident occurred, but it raises further alarm bells at a time when the world’s eyes are already on the security of Australia.

The bad news is things are only likely to continue until organisations take back control over their digital network access.

In almost all security breaches, hackers don’t hack in, they log in. They steal credentials without any obstacles because employees make and control the digital keys (passwords) used to access an organisation’s network.

As long as these organisations continue to let their employees create their own keys to access their digital building and open all doors at the same time, there will be no respite. Attackers have consistently used employees’ credentials to log into systems, move inside the network and launch ransomware attacks. And this technique won’t change until organisations decide to control their access keys and improve their resilience.

The reality is this can easily be done through access encryption and segmentation, where employees use encrypted credentials without the need to see, make or know any of them. This would stop exposing organisations to human errors and effectively prevent network doors being breached.
