An increase in the use of ransomware in cyber-attacks on multiple sectors and organisations worldwide, including Agencies belonging to State and Federal Governments in Australia, has prompted a warning from the Australian Cyber Security Centre (ACSC).
According to the ACSC, the ransomware known as ALPHV, also BlackCat and Noberus, has turned its interest towards entities, including those based in Western Australia.
“The ACSC is aware of ALPHV targeting Government and critical infrastructure organisations as well as the energy, finance, construction and other sectors,” the Centre said.
“In February 2022, ALPHV affiliates compromised a German oil storage operator and an energy distributor,” it said.
“The ALPHV operators claim to exclude the use of the ransomware in attacks on healthcare and charitable organisations.”
The ACSC said that, in late March of this year, the ALPHV developers announced changes to the ransomware, reportedly including features to inhibit detection of ALPHV ransomware by antivirus and other signature-based detection systems using polymorphic features that change parts of ransomware code.
According to the ACSC, threat actors deploying ALPHV ransomware used a range of initial access vectors to gain access to target networks, including: Exploiting known vulnerabilities or common security misconfigurations; and using legitimate credentials purchased, brute-forced or gained in phishing attacks, including credentials for Remote Desktop Protocol (RDP) connections and commercial Virtual Private Network (VPN) products.
“Once encryption of victim data is complete, victims receive a ransom note directing them to either an email address or a URL, from which an affiliate will demand payment,” the ACSC said.
“ALPHV affiliates implement multiple extortion techniques in addition to encryption of the victim’s network.”
The Centre said it was monitoring a variety of ransomware variant activity, including ALPHV and was able to provide assistance and advice if required.
“All victims are strongly encouraged to report ransomware-related cybercrime and cyber-security incidents to the ACSC,” it said.
“Organisations that have been impacted or require assistance in regards to an ALPHV ransomware incident can contact the ACSC via 1300 CYBER1 (1300 292 371), or by submitting a report.”
Reports to the ACSC can be made direct to its website on this PS News link.
