Australian Retail Companies Hit by Bitcoin Ransomware Attack

The massive supply-chain ransomware attack on software provider Kaseya last week also affected retail companies in Australia. The Australian federal government’s Cyber Security Centre (ACSC) made this known in a report on 6 July, saying it’s working with the affected companies to ascertain the extent of the impact and possible mitigation measures. 

REvil Ransomware Attack on Kaseya

On 5 July, the notorious Russian ransomware gang Sodinokibi, also known as “REvil“, pulled a large-scale supply-chain attack on Kaseya VSC. More than 1,000 businesses that use Kaseya’s IT solutions in countries including Australia, the US and South Africa were affected by the incident. 

The cybercrime gang reportedly took advantage of a zero-day vulnerability on Kaseya’s VSC software to infect the chain of businesses on the network. Prior to the attack, the Dutch Institute for Vulnerability Disclosure (DIVD) alerted Kaseya but the IT solutions provider wasn’t quick enough to patch the flaw. 

The REvil gang launched the attack while DIVD was still in the process of fixing the problem. Consequently, several companies linked to the Kaseya VSC network were locked out of their data via encryption.

The REvil group demanded about AS$92 million (US$70 million) to release the global decrypter for the data. 

Potential Impact on Aussie Retailers 

Several Australian retail businesses linked to the compromised network were also hit by the attack. 

There is a lot of chatter among incident responders in Australia that there are impacted businesses here.

Josh Lemon, Managing Director of Digital Forensics and Incident Response, Ankura

Although the ACSC and the FBI are jointly investigating the extent of the attack and viable mitigation advice, Aussie retailers are advised to shut down Kaseya servers until further notice. ACSC also recommended activating Multi-Factor Authentication (MFA) as an extra layer of security.

REvil’s latest attack comes weeks after receiving a Bitcoin ransom demand worth about US$11 million from the world’s largest meat producer, JBS SA. Last year, Australian non-profit organisation Anglicare Sydney also suffered a ransomware attack in which 17 gigabytes of data were stolen.