The email systems of the Commonwealth and West Australian parliaments were taken offline this year due to cyber attacks.
This appears, however, to be the first time hackers have tried to extort an Australian political party for financial gain.
The ransomware group Avaddon posted screenshots on the dark web of information it claimed to have stolen, including the passport of a NSW local government councillor.
Other screenshots showed the driver’s licences of a former employee, service and confidentiality contracts, and what appeared to be financial information relating to the branch.
While the screenshots may indicate penetration of the company’s systems, they do not necessarily mean data was copied or removed.
“NSW Labor, the company does not want to co-operate with us, so we give them 240 hours to communicate and co-operate with us,” Avaddon said in a post on its website.
“If this does not happen before the time counter expires, we will leak valuable company documents.
“We have a large amount of data on contracts, a lot of confidential information, confidential contracts, driver’s licences, passports, employment contacts, information about employees, resumes and more.”
Josh Lemon, managing director of digital forensics and incident response at business advisory firm Ankura, said most of the screenshots contained keywords such as “sensitive” and “confidential”.
“Although it’s a little bit abstract, as someone who isn’t the victim, it’s obviously intended to provide proof to the actual victim,” Mr Lemon said.
The group is also threatening a denial-of-service (DoS) attack if NSW Labor does not pay the ransom. A DoS attack happens when a network is disrupted after being flooded with requests.
Mr Lemon said paying a ransom never guaranteed the data would not be leaked.
He said criminal groups had evolved from encrypting computers to stealing potentially sensitive data and extorting companies in large part because many companies had begun backing up their data more effectively.
Earlier this year, the group hit ASX-listed renewables company Carnegie Clean Energy, although the company said the incursion was “immaterial” to its operations.
Brett Callow, a threat analyst at cyber security firm Emsisoft, said: “Ransomware continues to become an ever-bigger problem for the public and private sectors alike with at least 2765 Australian organisations having been impacted in 2020 at a cost of more than $US100 million [$129 million].
“The incidents represent a risk to everything from election security to national security to individuals’ health, safety and privacy.
“Avaddon appears to have hit three Australian organisations, two of which are in NSW, in a short space of time, which could suggest a connection.”
The Australian Cyber Security Centre publicly advises companies never to pay a ransom as there is no guarantee cyber criminals will decrypt files once the ransom is paid, and there is a chance files may not be recoverable.