Government on alert as cyber gangs hit Wunan Foundation and Booth Transport company
Wunan Foundation and Booth Transport hit with ransom demands as Australian organisations get caught up in Lockbit 3.0 global cyber hacking campaign.
The Australian government is monitoring yet another series of cyber attacks, after a respected indigenous charity and a national transport firm were hit by a ransomware gang.
The Wunan Foundation in Kununurra, WA, and Booth Transport, based out of Melbourne, have both fallen victim to a gang using LockBit 3.0 ransomware, which encrypts victims’ data until a ransom is paid.
The cyber criminals who use LockBit also threaten to publicly release confidential data if the ransom isn’t paid.
The two Australian organisations appear to have been hacked in early March when the ransomware was being used to attack companies and organisations across the globe.
The Australian Cyber Security Centre (ACSC) issued a warning about LockBit earlier this year, describing the latest iteration of the malware, known as LockBit 3.0 BLACK, as the “most observed ransomware variant worldwide”.
The gang behind the attacks on both the Wunan Foundation and Booth Transport are advertising the hacks on the dark web.
Home Affairs Minister Clare O’Neil declined to comment, but it’s believed authorities including the ACSC and Australian Signals Directorate are monitoring the hacks.
Wunan works to empower indigenous people and improve their health and employment opportunities, and reduce welfare and alcohol dependence. It has operated for decades across the East Kimberley.
Booth Transport is a family-run transport and logistics company which has been operating for almost 100 years, with offices across the country.
Wunan confirmed the cyber intrusion, which targeted parts of the Wuhan Foundation but not the Health and Wellbeing Centre.
“As an indigenous not-for-profit organisation that serves many remote communities across the East Kimberley region, we are deeply saddened that anyone would target our organisation in this way,’’ a spokesperson said.
“As such, we will not be engaging or negotiating with the unidentified third-party who has claimed responsibility for the unauthorised access.’’
The organisation has called in forensic IT and cyber experts to secure the foundation’s network and determine what happened, and what, if any, data had been taken.
“We have no credible evidence at this stage of our investigation that any information has been downloaded from our IT environment, or that personal information has been involved in this incident,’’ the spokesperson said.
“Should our investigation indicate otherwise at a future point, we will notify any at-risk individuals as soon as practicable, consistent with our regulatory obligations.
“Should any stakeholders have questions or concerns in relation to this matter, they can contact us via communications@ wunan.org.au and we will respond as soon as possible.’’
LockBit criminals were first identified on Russian-language cyber forums in 2020 and the malware is offered on a ransomware-as-a-service basis, meaning anyone can buy access to it and deploy it.
ACSC warned about LockBit 3.0 earlier this year, saying it was being used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia.
An Australian threat researcher who goes by the alias CyberKnow said Australia was not under targeted cyber attack, and the current cyber threat was opportunistic and “business as usual’’.
More Coverage
Join the conversation
Albanese apologises for ‘unkind’ Tourette slur in parliament
The PM has issued an apology to disabled Australians after being slammed for using Tourette syndrome to mock shadow treasurer Angus Taylor. Meanwhile Question Time has begun early ahead of the PM's trip to Laos | WATCH IT LIVE
Read more
Albanese apologises for ‘unkind’ Tourette slur in parliament
The PM has issued an apology to disabled Australians after being slammed for using Tourette syndrome to mock shadow treasurer Angus Taylor during QT | WATCH
Read more