The AFP are urging victims of cybercrime to report ransomware attempts following the disruption of a dangerous ransomware group.
Operation Orcus – a multi-agency ransomware taskforce established by the AFP – received a request from the Dutch National Police last month (September 2022) for assistance in investigating a ransomware group called Deadbolt.
Deadbolt had infiltrated the computers of more than 15,000 people and companies in 13 countries and was demanding payments of about AUD $1500 from the victims in exchange for file decryption. At least 12 Australians were among those targeted.
Police were able to retrieve more than 150 decryption keys from the ransomware group which enabled about 90 percent of reported victims to access their files, photos and personal data without paying the ransom.
As a result of the disruption, the AFP obtained decryption keys for a number of Australian victims.
The disruption by police in both countries caused the cybercriminals behind the attack to shut down Deadbolt.
Victims who filed reports were the first people to tip off the police and receive their data back. Unfortunately for victims who didn’t report it, their chances of retrieving their data back was low.
This operation has demonstrated how valuable it is for people to report cybercrime especially if they have been affected.
AFP Acting Superintendent Ashley Wygoda said the many victims of ransomware attempts, including Deadbolt, are small businesses or people working from home.
“The increased shift to online work and learning during the pandemic left people vulnerable to cyber criminals who sought to take advantage of the community’s high-median wealth,” A/Supt Wygoda said.
“We are seeing cybercriminals employing more intelligent tactics, which can lead to the loss of data, personal information and finances.”
“The AFP is urging people affected by ransomware, or any other cybercrime, to report it as soon as it happens to increase their chances of achieving a positive outcome.”
In July 2021, the AFP established Operation Orcus to coordinate the efforts of national law enforcement agencies against ransomware, including targeting developers and those who utilise Ransomware-as-a-Service.
Working with its partners, Operation Orcus has analysed hundreds of ransomware incidents. Op Orcus has protected Australian organisations through 18 preventive engagements since July 2022, and prepared advisory reports for other investigative agencies.
Operation Orcus includes partners from ACIC, ACSC (ASD), AUSTRAC and state and territory police.
Have you been a victim of ransomware?
The warning to be alert to ransomware attempts is part of 2022 Cyber Security Awareness Month, which aims to highlight the importance of staying safe online and provide simple guidance on how to do so.
The overarching theme for this year’s awareness month is ‘Have you been hacked?’ Further resources on ransomware, including a tool designed to help identify if you have been hacked, are available at www.cyber.gov.au.
The ACSC also has a range of practical guides to help organisations protect themselves against ransomware attacks available at www.cyber.gov.au/ransomware.