Russian cyber criminals who hacked into more than 50 Australian operations and demanded ransoms are being thwarted by an FBI decryption tool now being distributed by the AFP.
The cyber gang, known as BlackCat, had infiltrated dozens of local businesses and government agencies, the AFP said, stealing sensitive data, encrypting their networks and then demanding money to restore access.
AFP Cyber Command Assistant Commissioner Scott Lee said the ransomware group first came to its attention in 2021 and law enforcement agencies globally had co-operated to disrupt BlackCat, which was estimated to have cost victims hundreds of millions of dollars.
“The unlawful activity by BlackCat had a severe impact on Australian businesses, many of which remain without access to some key systems,” Assistant Commissioner Lee said.
“The FBI developed a decryption tool that allowed law enforcement partners around the world to offer more than 400 affected victims the capability to restore their systems.”
“We have so far identified 56 Australian-based victims across both corporate and government sectors and we are engaging with victims to provide decryption keys to restore their systems where we can. Those decryption keys are similar to a password.”
Led by the FBI, the international operation had gained visibility into BlackCat’s computer network and seized several of its websites.
Assistant Commissioner Lee said BlackCat – also known as ALPHV or Noberus – used a ransomware-as-a-service model, in which developers created ransomware and maintained illicit internet infrastructure.
He said the group’s affiliates identified high-value businesses and institutions to attack, stole sensitive data and encrypted files so the victims could not access them. The criminals then demanded a ransom to decrypt the victim’s system.
If a victim paid up, the BlackCat group shared the money but if a victim refused, the criminals published the stolen data to a website where anyone could download it for further criminal use.
Globally, BlackCat had targeted networks that supported critical infrastructure, universities, court systems and major companies.
The global financial loss was estimated to be in the hundreds of millions of dollars and included ransom payments, destruction and theft of proprietary data, and costs associated with incident response.
Assistant Commissioner Lee said in the past 18 months, millions of Australians had been affected by devastating cyber incidents and ransomware attacks were becoming more prevalent.
“On average, one cyber crime is reported every six minutes, with ransomware alone causing up to $3 billion in damages to the Australian economy every year,” he said.
“The Australian government advises against paying ransoms.
“We urge anyone who has been the target of a BlackCat ransomware attack or any other ransomware breach and has not yet reported it, to report to police.
“If we are alerted to an incident in its earliest moments, we have our best shot at gathering the evidence we need to identify those responsible for the attack, disrupt their activities and bring them to justice.
“Outcomes like this would not be possible without the ability of the AFP to engage with law enforcement around the world and co-ordinate responses.”
You are not authorised to post comments.
Comments will undergo moderation before they get published.