The Qilin ransomware gang is believed to have been behind the ransomware attack that affected Victoria’s court system. Concerns have been raised concerning the possible exposure of extremely sensitive data from hundreds of court proceedings following the discovery of the Victoria court ransomware attack on December 21.
The Qilin ransomware gang may be acting for financial gain rather than on behalf of any government, despite initial reports suggesting a possible Russian connection. It looks like the cyberattack on Victoria Court was more of an opportunistic strike than a deliberate attempt to undermine the Victorian government for political reasons.
According to Court Services Victoria (CSV), just before Christmas 25, cybercriminals gained access to audio and video recordings and transcripts of court proceedings from November 1 to December 21 through a breach in the audio-visual technology network.
Hearings in the Supreme Court, the criminal division of the Court of Appeal, practice courts, regional hearings, County Court proceedings, certain committals in the Magistrates’ Court, all hearings in the Coroners Court, and one hearing in the Children’s Court are among the areas that are impacted.
Concerns about the confidentiality and integrity of the legal process have been raised by the possible compromise of recordings, including witness testimony from extremely sensitive cases. The public was reassured by CSV Chief Executive Louise Anderson that prompt action was being taken to disable and isolate the impacted network, despite the situation’s unsettling nature.
Staff members were locked out of their computers and faced with the warning screen that read, “YOU HAVE BEEN PWND,” according to the company’s notification letter. This was how the breach was discovered. As part of its quick response, CSV worked with cybersecurity specialists to look into the incident and put in place more security measures.
Acting Premier Ben Carroll gave the public reassurance that the court’s operations were unaffected, stressing that all necessary safeguards were in place to protect court cases, hearings, and evidence and that the cyberattack on Victoria Court was well-contained. A special center has been set up to help anyone who the hack might have impacted.
Public confidence in the security of court proceedings remains a top priority as CSV works with cybersecurity experts to address the aftermath of the attack. As we learn more about the ransomware attack on Victoria Court and the claims made by the Qilin ransomware gang, we will update this post. This is a developing story.
Records of cases may have been made public due to a cyberattack on Victoria’s judicial system
An independent expert believes that Russian hackers were responsible for the ransomware attack that targeted Victoria’s court system.
Court Services Victoria (CSV) spokesperson: An area of the audio-visual archive of the court system was compromised by hackers. This would imply that it’s possible that hearing recordings containing witness testimony from extremely private cases were obtained or taken.
CSV is currently making an effort to inform those whose court appearances were compromised by hackers. They will also establish a contact center today for those who think they might have been impacted.
Although the recordings came from hearings held between November 1 and December 21, it’s possible that some hearings held earlier in November were also impacted.
The attack was detected on December 21, just before the Christmas break, when staff members’ computers were locked and messages with the subject line “YOU HAVE BEEN PWND” showed up on screens.
The email pointed court employees to a text file containing threats from hackers to release files taken from the court system, along with a dark web address where they could find instructions on how to retrieve the files.
The most severely impacted cases, according to CSV’s update on Tuesday morning, were County Court cases.
There may have been access to all criminal and civil hearings that were log on to the network between November 1 and December 21, including at least two cases involving past instances of child sexual abuse.
The Criminal Division, the Practice Court, the Court of Appeal, and two regional hearings in November were among the recordings that may have been accessed, severely impacting the Supreme Court as well.
One October hearing from the Children’s Court might have persisted on the network, but none of the hearings from November or December have been compromised.
There were no VCAT committal hearings impacted, but there were some Magistrates Court committals.
Ben Carroll, the acting premier, stated that court operations had no impact.
“I recognize that all court cases, hearings, evidence, and procedures are fully protected and that this attack has essentially been contained. We have great faith that we will uncover the truth,” he remarked.
The court system was most likely the target of a Russian phishing attack employing commercial ransomware known as Qilin, according to independent cyber security expert Robert Potter, who has seen evidence of the attack.
“It’s a double extortion approach,” he explained.
“They extract the data and encrypt it after that. They will leak your data if you don’t pay, and you won’t be able to access it.”
According to a representative for Court Services Victoria, CSV “took immediate action to isolate and disable the affected network and to put in place arrangements to ensure continued operations across the courts.” Hearings will therefore take place in January.”
Protecting court users’ safety is our top priority. Making sure our systems are secure is the main goal of our current efforts.”
As a wealthy, developed nation, Australia is a prime target for cyberattacks, according to cyber security experts.
Earlier Week St. Vincent’s Health network was also targeted in the run-up to Christmas, along with other prominent businesses and organizations