The court system of Victoria, Australia, was subject to a suspected ransomware attack in which audiovisual recordings of court hearings may have been accessed.
The incident began on December 8 and attackers may have accessed hearings between November 1 and December 21, with a small number of recordings generated before this range also potentially compromised.
Different courts within the system were affected to varying degrees.
For example, aside from two regional hearings in November, the Supreme Court of Victoria only had recordings accessed between December 1 and 21.
Others like the County Court, Magistrates' Court, and Coroners Court may have had recordings accessed starting from November 1.
The Children's Court had no recordings accessed other than one hearing from October that may have remained on the affected network.
CSV's audiovisual network is independent of its other systems, meaning employee and financial data are unaffected, and there was no impact on the running of the courts.
Erson also suggested that at least some of the recordings that cybercriminals may have accessed could have compromised those who have had their identity protected by court orders or legislation.
In addition to contacting affected individuals directly, CSV has established a contact center for anyone to request further support about the break-in.
The restoration of the affected systems, which were taken offline after the intrusion was detected, is ongoing but will also include additional improvements to the security of the courts' IT infrastructure, we're told.
Cybersecurity experts from the Victorian Department of Government Services are involved, while the Victoria Police, Victoria Legal Aid, and the Office of Public Prosecutions are also helping to investigate the most sensitive aspects.
The CSV hasn't yet commented on who or what group may be behind the attack, nor has it confirmed it to be ransomware in nature.
The wording of the incident disclosure, coupled with statements from experts, suggests ransomware may have been deployed.
Speaking to ABC News, security expert Robert Potter said the attack is likely the work of the Russia-based Qilin ransomware group.
Potter, who has reportedly seen evidence of the assault, confirmed the attackers are adopting a double extortion approach.
Qilin is yet to claim the attack on its leak site, but double extortion scenarios involve the group threatening to leak the stolen data if a ransom demand isn't met.
If the incident is playing out as Potter says, it means the court recordings may be leaked online if CSV refuses to meet the attackers' demands.
Given the potentially sensitive nature of the hearings affected by the incident, it's also not unheard of for ransomware leaders to intervene and prevent the leaking of data on moral grounds.
The country is also part of the International Counter Ransomware Initiative, which is working toward a joint pledge to refuse ransom payments at the government level.
High-profile attacks on organizations such as Medibank and Optus are thought to have inspired the plans to ban ransom payments, while also prompting the Australian government to set its sights on becoming a world leader in cybersecurity by 2030.
This Cyber News was published on go.theregister.com. Publication date: Tue, 02 Jan 2024 17:13:05 +0000