cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Aus law firm allegedly hacked by BlackCat ransomware group

Major Aussie law firm HWL Ebsworth is the latest Australian organisation to suffer at the hands of a potential ransomware attack, after a Russian hacking group claimed to have accessed its systems and stolen a large chunk of data.

user icon Daniel Croft
Tue, 02 May 2023
Aus law firm allegedly hacked by BlackCat ransomware group
expand image

In a post on its website, the Russian-backed ALPHV ransomware group behind the BlackCat hacking operation revealed that it had stolen four terabytes of data from the Aussie law firm, including employee personal data covering IDs, accounting data, loan data, insurance data and CVs.

In addition, ALPHV claimed to have stolen a stockpile of client data, including credit card information, financial data and load data, as well as a range of internal company files and network mapping and credentials.

ALPHV, which runs as a ransomware-as-a-service business model, has been active since late 2021 and, according to Palo Alto Networks, is one of the top three ransomware groups targeting Australia, having previously hit major organisations such as LJ Hooker.

The group infiltrates company networks in a number of ways, such as exploiting vulnerabilities and drawing in victims with emails and Google ads containing malicious software.

While ALPHV’s claims are yet to be verified, HWL Ebsworth has reportedly reported the incident to the Australian Cyber Security Centre (ACSC), as legally required under the Security of Critical Infrastructure Act 2018.

HWL Ebsworth is considered one of Australia’s leading national law firms and has offices in every one of Australia’s states and territories. Cyber Security Connect has reached out to the group requesting comment on the incident.

Alongside HWL Ebsworth, ALPHV has claimed responsibility for a number of major breaches, including a recent attack on computer hardware manufacturer Western Digital.

Claiming to have stolen 10 terabytes, the ransomware group is now mocking the organisation’s initial response to the alleged breach, having posted screenshots and videos showing its actions responding to the attack and suggesting it still has access to its systems.

Western Digital is currently not negotiating ransom with ALPHV. It also denied requests for comment on the recent screenshots.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.