Sydney’s Cross City Tunnel operator hit by ransom demand from Russian criminal gang
A critical piece of infrastructure in Sydney was targeted as part of 24 hacks in 24 hours by Russians, raising concerns about users private data.
National
Don't miss out on the headlines from National. Followed categories will be added to My News.
Sydney’s Cross City Tunnel operator has been hit with a ransomware demand from a Russian criminal gang to hand over a chunk of its tolls or see its “sensitive” data published online.
The Russian state-affiliated cyberhack group Lockbit has given Transurban a deadline of June 26 to pay a ransom, in what is believed to be the first case of an Australian road operator allegedly targeted.
The attack on the Cross City Tunnel critical infrastructure, connecting the eastern beaches to the inner west of Sydney was part of 24 hacks in 24 hours last week, including a council in Iceland, a private school in New Jersey and a healthcare centre.
It is understood Lockbit hacked a legacy computing and data storage system from a previous Cross City Tunnel operator with data including invoices and consultants’ notes from 2008 to 2013. Transurban took over the road tunnel in 2014.
A spokesman for Transurban confirmed it was historical data from a previous third party service provider, but said the 35,000 motorists who use the tunnel each day would not be affected.
“The Cross City Tunnel’s business operations are unaffected and the road continues to operate as normal,” the spokesman said.
“Linkt customer services and data including websites and apps have not been impacted and customers do not need to take any action.”
Cyber risk intelligence group Flashpoint said Lockbit was targeting the region more than usual.
Former Australian Defence Force and Australian Federal Police intelligence analyst Ben Gestier, who is now with Flashpoint, said more attacks on critical infrastructure in Australia can be expected.
“This attack on the Sydney Cross City Tunnel comes after continued focus by state-based actors and cybercriminal groups on the Asia-Pacific region,” he said.
“The concern surrounding this particular incident lies in the data potentially housed by the Cross City Tunnel operators. Whether vehicle registrations, financial details, or sensitive information will become available is yet to be seen. Over the past four months Flashpoint analysts observed Lockbit as having the highest number of victim posts by ransomer, including May with a total of 96 victim posts that shows without question that critical infrastructure is being targeted.”
Earlier this year, Lockbit shut down Britain’s Royal Mail worldwide distribution network located near Heathrow Airport. The group is thought to have extorted $200 million from previous victims.
“We benefit from the hostile attitude of the west [towards Russia],” a Lockbit member reportedly said in an online chat.
“It allows us to conduct such an aggressive business and operate freely within the borders of the former Soviet countries.”