A recent announcement by the Australian Cyber Security Centre (ACSC) states that Conti ransomware attacks have hit numerous Australian organisations across a wide range of industries since November this year, raising the alarm for potential victims.
A wave of ransomware attacks by Conti
In a government statement, the ACSC revealed the results of its recent investigation into the activities of the Conti ransomware gang. It stated that in both November and December the ACSC became aware of multiple attacks on Australian enterprises involving Conti ransomware. The official security advisory read:
“This activity has happened across multiple sectors. Victims have received demands for ransom payments. In addition to the encryption of data and subsequent impact to organisations’ ability to operate as usual, victims have had data stolen during incidents published by the ransomware actors, including Personally Identifiable Information (PII).”
The statement refers to the “double extortion” technique employed by many modern ransomware operators. While moving through an organisation’s network and encrypting essential systems and files, the threat actors also exfiltrate any data they judge to be valuable. If the enterprise refuses to pay the ransom, the attackers threaten to publish the stolen information on leak sites or dark web forums or, in the worst case, sell it to other cybercriminals for use in their own campaigns. The practical consequence is that restorable backups alone no longer neutralise the threat: an organisation can recover its systems and still be extorted over the copy of its data the attackers already hold.
Australian victims of ransomware
The recent government warning follows a ransomware attack last month on the major Australian electricity company CS Energy. The provider’s corporate ICT network was hit in an attempted ransomware attack which, at the time, Australian media erroneously linked to a Chinese state-backed hacking group.
However, CS Energy CEO Andrew Bills later stated that the provider had found no evidence of a state-sponsored attack originating in China. After the intrusion was identified, the Conti ransomware group claimed full responsibility for the attack on November 27. To date, the gang has not leaked any of the information stolen during the attack.
In addition to its security advisory, the ACSC published a full ransomware profile with further information on the Conti ransomware gang, including mitigation measures, targeted sectors and initial access indicators.
The agency commented:
“The threat actors involved in the deployment of the Conti ransomware frequently change attack patterns, and quickly take advantage of newly disclosed vulnerabilities to compromise and operate within networks before network owners are able to apply patches or mitigations.”
The ACSC added that Conti affiliates have now been observed targeting organisations in critical sectors, most notably numerous healthcare operations across the country. In 2021, the Conti gang claimed on its dedicated Tor leak site to have compromised approximately 500 organisations around the world.
The ACSC also outlined mitigation measures to help companies protect themselves against Conti’s tactics, techniques and procedures. These included enforcing multifactor authentication to prevent stolen credentials from being used on their own, encrypting sensitive data so that exfiltrated information is of limited value to the attackers, maintaining robust backups so that operations can be restored without paying, and segregating corporate networks from industrial operations so that a compromise of the office environment cannot spread to operational systems.
At Galaxkey we offer three layers of state-of-the-art encryption on all files held in our domain. Help protect your enterprise’s files against both known and unknown threats, starting with a free 14-day trial of our product.