Written by Reporter, Ronald Mizen
Hackers behind a ransomware attack on legal services firm Law In Order have withdrawn their public threat to release allegedly stolen data, as the company refused to say whether it paid a ransom.
The move comes as property developer Central Equity joins a growing list of Australian ransomware victims to fall prey to hackers making millions of dollars from extortion activities.
The Morrison government has become so concerned about the threat posed by ransomware hacking groups that Defence Minister Linda Reynolds on Wednesday is launching a national cyber security campaign.
“Cyber criminals are relentless, operating around the clock and around the world, in a bid to steal the data and money from Australian businesses and families,” Ms Reynolds said.
The Australian Financial Review reported last week that Law In Order, a major supplier of e-litigation services with clients including law firms King & Wood Mallesons and Allens, was hit by a ransomware attack.
While Law In Order declined to say if it paid a ransom, one cyber security expert said there were usually only two reasons the hackers, known as NetWalker, removed public ransom demands.
“In previous cases, NetWalker has delisted companies when they’ve paid or when they’ve agreed to negotiate,” Emsisoft threat analyst Brett Callow said.
“A removal pending negotiations may, obviously, only be temporary and whatever data was exfiltrated could end up being posted should the negotiation fall through.”
A different group late last week claimed to have hacked Melbourne-based apartment builder Central Equity and published a cache of documents it claimed to have stolen.
Company secretary Geoff Otto said the matter had been referred to the company’s lawyers “to ensure that all appropriate protocols are followed”.
Cyber security lawyer E.J. Wise said while there were no specific laws against paying ransoms, directors needed to be careful.
“The shareholders will be implicated and the directors will be implicated if, by paying a ransom, they have breached the Anti-Money Laundering and Counter-Terrorism Financing Act,” Ms Wise said.
She said directors also needed to be conscious of their fiduciary duties: “You want to know that kind of purchase is within your remit, otherwise you may be held personally accountable.”
The Australian Cyber Security Centre publicly advises companies never to pay a ransom as there is no guarantee cyber criminals will decrypt files once the ransom is paid, and there is a chance that files may not be recoverable.