Share this article on:
Following the Russian cyber attack on its systems that led to third-party data being released, Australian law firm HWL Ebsworth (HWLE) has successfully secured an NSW Supreme Court injunction that will prevent hackers from publishing any stolen data.
HWLE was targeted by the ALPHV (also known as BlackCat) ransomware gang earlier in the year, with the hacking group revealing that it had stolen four terabytes of data when it gained access to a staff member’s personal computer on 30 April.
Late last week, the hackers claimed to have published some of that data on its dark web leak site.
Now, the Aussie law firm has revealed that it has obtained an injunction from the NSW Supreme Court which will aim to bar anyone from unveiling, promoting or using any of the stolen information outside of obtaining legal counsel. The hackers will also be required to take down the data.
While the primary target for this was the ALPHV hackers, the injunction will also have the effect of preventing media or any other parties from reporting details of the stolen data.
HWL Ebsworth revealed to media this week it believed securing the stolen data was in public interest, meaning any party who published or reported the data would be doing so against the interest of the public, adding that it believed doing so would be in contempt of court.
However, some cyber security experts have said the injunction is likely to prove ineffective in preventing hackers from publishing the data.
Brett Callow, ransomware researcher for New Zealand security firm Emsisoft, said this defensive strategy has been used before and could have the opposite effect.
“New Zealand’s Waikato District Health Board and the Irish Health Service Executive are among the other organisations to have taken similar courses of action, and it’s a somewhat risky strategy," he told New Zealand publication ITWire.
“On the one hand, the injunction may dissuade casual looky-loos from accessing the data and also stop reporters from using it as the basis for stories.
“On the other hand, it’s unlikely to stop ALPHV from releasing the data and may actually provoke them into releasing it more quickly or distributing it more widely than they otherwise would.”
Callow named a specific instance in the US where obtaining an injunction led to data being released faster and with more malicious intent behind it.
“When US company Southwire obtained injunctions against the Maze ransomware group and its web host, Maze started to release the data on a Russian cyber crime forum with a note inviting people to ‘Use this information in any nefarious ways that you want’.”