cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Exclusive: BlackSuit ransomware claims attack on Australian property firm Herron Todd White

The nationwide property valuation specialists have allegedly lost more than 300 gigabytes of data to the prolific ransomware gang.

user icon David Hollingworth
Tue, 30 Apr 2024
Exclusive: BlackSuit ransomware claims attack on Australian property firm Herron Todd White
expand image

Another Australian firm has fallen foul of a ransomware gang, this time property valuers Herron Todd White.

The BlackSuit ransomware gang claimed the Aussie scalp on 27 April, posting details of the data exfiltrated to its darknet leak site.

BlackSuit is not a particularly loquacious outfit. Apart from sharing some info on Herron Todd White copied from the company’s own site, it notes the company has a revenue of $100 million and notes in rough form what data it claims to have.


“Data 279g – just paperwork, no trash,” a gang spokesperson said.

“20g sql_DB – customer and transaction databases.”

The gang has also compiled “a list of documents of great value” in a smaller 3.3 gigabyte .ZIP archive as proof of the hack, but as of writing, the file-sharing site it is hosted on is returning an error, saying the file has reached its download limit.

BlackSuit has not shared any details of the ransom demand or deadline, though previous ransom demands have been reported as being sub US$1 million.

Herron Todd White has offices all across Australia. The company claims that “95 per cent of Australia’s population is covered” by its network.

The attack appears to have caused some concern at the company, with some impacted ex-employees speaking to The Australian Financial Review last week about the incident.

“I heard it was through one of their systems that’s redundant,” a former HTW employee told the AFR on 23 April.

“All of us ex-HTW staff are talking about it.”

A Herron Todd White spokesperson told the AFR the company was working “diligently and collegiately” with its clients to resolve the issue.

Cyber Daily has been in contact with the company’s PR firm, and has been told the company will not be commenting further on the incident at this time.

BlackSuit has enjoyed an impressive period of growth this year. After first appearing in May 2023 – but thought to be made up of members with links to the Royal and Conti ransomware gangs – BlackSuit made just a handful of attacks each month leading up to year’s end.

However, the gang claimed nine victims last month, and in April 2024, it has already racked up 21 victims, including high-profile companies such as US pharmaceutical firm Octapharma Plasma.

UPDATE 01/05/24: Confirmed lack of response from HTW.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.