The court system for Australia's second-most-populated state was hit by a ransomware attack that potentially exposed sensitive recordings of some court hearings.
Court Services Victoria, an administrative body that supports the operations of the courts in the state of Victoria, detected the attack on December 21.
The incident led to the disruption of the audio-visual in-court technology network, impacting video recordings, audio recordings, and transcription services, according to CSV Chief Executive Louise Anderson.
CSV's responsibilities include administrative support, management of court facilities, and registry services.
According to a statement from Anderson on Tuesday, the hackers might have accessed recordings of some court hearings between November 1 and December 21.
No other court records, including employee or financial data, were compromised.
The hackers, who weren't identified by CSV, left a ransom note threatening to publish files stolen from the court system.
The attack won't affect court hearings scheduled for January, Anderson said.
The agency's security specialists said that after detecting the attack, they isolated and disabled the network and are now notifying people whose hearing recordings may have been accessed.
There are three main courts operating in Victoria: the Supreme Court, the County Court, and the Magistrates' Court.
There are also several specialized courts, including the Children's Court, the Coroners Court, and the Koori Court.
According to CSV, County Court cases were most severely affected by the hack, with hackers potentially accessing all criminal and civil hearings recorded on the network.
No Children's Court hearings from November or December were compromised, but one hearing from October may have remained on the network.
According to Robert Potter, co-founder of the Australian cyber firm Internet 2.0, who has seen the message the hackers sent to the victims, the attack was likely carried out by the Qilin ransomware group.
The group typically gains access to targeted systems through phishing emails and employs a double extortion technique, researchers from Group-IB said.
In this technique, the hackers demand a ransom payment not only for providing the decryption key to restore access to the files but also for not exposing the sensitive data they have acquired.
The group's victims are mostly located in Australia, Brazil, Canada, the U.K., and the U.S. The hackers have previously stated that they do not target Commonwealth of Independent States countries, including Russia, Belarus, Kazakhstan, and Moldova.
Other prominent Australian institutions breached by hackers include Medibank, one of the country's largest health insurance providers; consumer credit business Latitude Financial; and Optus, Australia's second-largest telecommunications company.
The Australian government even wanted to ban businesses from making ransomware payments as part of its national cybersecurity strategy but dropped this plan.
Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine.
This Cyber News was published on therecord.media. Publication date: Tue, 02 Jan 2024 19:35:10 +0000