A cyber attack targeted the Victoria Court System on December 21. Hackers accessed several weeks of hearings recorded by Victoria’s court system after a ransomware attack.
An official with Court Services of Victoria (CSV) said on Tuesday that audio and video recordings of some hearings in the supreme, county, magistrate, and coroner’s courts were accessed during the last seven weeks. In addition, there is a possibility that a recording from the children’s court from October has also been affected.
It is possible that some hearings before November have also been affected by the recordings that were made between November 1 and December 21.
A staff member discovered the ransomware attack on December 21 while attempting to access her computer. A message appeared on her screen reading, “YOU HAVE BEEN PWNED”.
Hackers threatened to publish court files stolen from the court system in a message that directed staff to instructions on recovering the files on the dark web.
“The potential access is confined to recordings stored on the network, and no other court systems or records, including employee or financial data, were accessed,” the spokesperson said in a statement.
Hackers have gained access to the court appearances of people who claim to have been affected by the hack. In addition, CSV is notifying them and establishing a contact center to assist those who believe they may be affected.
As a result of Court Services Victoria isolating and disabling the affected network, there will be no interruption to court hearings in January.
Who Is Responsible for the Ransomware Attack on Victoria Court Service (CSV)
According to ABC News, “Independent cyber security expert Robert Potter, who has seen evidence of the attack, said the court system had almost certainly been hit by a Russian phishing attack, using commercial ransomware known as Qilin.”
The Qilin Ransomware (also referred to as Agenda Ransomware) is allegedly a Russian-aligned ransomware group that typically uses double extortion attacks. A double extortion ransomware attack involves encrypting files, demanding a ransom for their decryption, and posting the data to the public to expose the data to theft. It is a specific strain of ransomware that targets specific individuals and organizations.
In March 2023, Group-IB’s researchers claimed to have infiltrated the Qilin ransomware group and revealed some crucial inside information about this RaaS program.
According to Group-IB report, “Qilin is a Ransomware-as-a-Service (RaaS) affiliate program that now uses a Rust-based ransomware to target its victims. Many Qilin ransomware attacks are customized for each victim to maximize their impact. To do this, the threat actors can leverage such tactics as changing the filename extensions of encrypted files and terminating specific processes and services.”
The Qilin ransomware uses strong encryption algorithms to lock up the victim’s files, rendering them inaccessible without the correct decryption key. Victims are presented with a message demanding payment of a ransom in exchange for the decryption key.
The ransom amount is typically demanded in cryptocurrency, such as Bitcoin, due to its anonymity and difficulty in tracing. The attackers may set a deadline for payment, threatening to delete the decryption key and permanently encrypt the files if the victim does not comply.
The Qilin ransomware is known to target organizations in various industries, including healthcare, finance, and education. It often spreads through phishing emails or exploit kits that trick users into clicking on malicious links or downloading infected attachments. Once inside the system, the ransomware can spread to other computers on the network through various methods like EternalBlue or SMB protocol vulnerabilities.
In addition to encrypting files, the Qilin ransomware may also delete shadow volume copies, which are commonly used to restore encrypted files. This makes it difficult to recover the encrypted data without paying the ransom.
In addition to its evasion-proneness and hard-to-decipher qualities, Rust variants are particularly effective for ransomware attacks because they enable malware to be customized for Windows, Linux, and other OS. Both Windows and ESXi versions can be affected by the Qilin ransomware group.
For more cybersecurity news and updates, follow us on Cybersecurity – The SOC Labs.
Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The SOC Labs assumes no liability for the accuracy or consequences of using this information.
Discover more from The SOC Labs
Subscribe to get the latest posts sent to your email.