Posted on 26 Mar 2024
By Matthew Schulz, journalist, Institute of Community Directors Australia
International authorities claim to have “destroyed the online backbone” of a ransomware group that stole data from 70 Australian charities.
The Australian Federal Police (AFP) cooperated with counterparts in 13 other countries to crack down on the LockBit ransomware group under Operation Cronus.
Authorities took control of the LockBit sites to turn the tables on the hackers, using those dark web sites to announce the counter-hack.
Police also arrested several suspects, froze LockBit Bitcoin accounts, shut down servers and websites, and took charge of ransomware infrastructure, such as LockBit’s “StealBit” platform.
The LockBit group targeted Australia’s Pareto Phone charity telemarketing group to devastating effect in August last year. That attack saw the information of nearly 50,000 charity donors from the nation’s leading charities leaked onto the dark web.
Affected charities included WWF Australia, the Australian Conservation Foundation and Plan International Australia. Many charities were infuriated that Pareto Phone allegedly retained customer data for years more than it should have.
Operation Cronus was led by Europol, the cyber division of the UK’s National Crime Agency, the US Justice Department and the FBI. As well as the AFP, police in France, Germany, Switzerland, Japan, Sweden, Canada, the Netherlands, Finland, New Zealand, Poland and Ukraine were involved.
AFP assistant commissioner Scott Lee said the global taskforce’s investigation was a major breakthrough.
“This investigation has not only taken down the world’s most prolific ransomware group, but also damaged the group’s reputation and credibility beyond repair.
“We have obtained a vast amount of data from investigations so far and will continue to follow all leads and bring those responsible to justice,” Mr Lee said.
The AFP provided a link to the No More Ransom portal, which would enable victims to decrypt data that had been encrypted using the LockBit encryption method.
The US Department of Justice in its media release described LockBit as “one of the most active ransomware groups in the world”, saying it had targeted more than 2,000 victims and received more than $184 million in ransom payments.
US Deputy Attorney General Lisa Monaco said the operation had “destroyed the online backbone of the LockBit group, one of the world’s most prolific ransomware gangs”, but would continue to pursue its criminal affiliates across the globe.
Related investigations over the past 18 months led to the jailing of a Russian-Canadian dual citizen this month.
Mikhail Vasiliev was caught in his garage trying to extort three Canadian companies by encrypting computer systems and demanding hundreds of thousands of dollars.
Authorities named Vasiliev and four other Russian nationals as targets of the LockBit investigation.
Despite the action, reports suggest that LockBit criminals have already re-emerged using new encryptors and servers.
Australia’s privacy watchdog, the Office of the Australian Information Commissioner (OAIC), is continuing an investigation into the Pareto Phone breach, which it launched in late October.
The investigation appears likely to be completed by late this year, and is expected to examine complaints by several charities that Pareto Phone held onto customer data for years after the information should have been deleted, in breach of privacy laws.
The OAIC is now working with the liquidators of Pareto Phone, given the telemarketing company collapsed owing $17.3 million soon after the hack, when most of its clients abandoned it.
The OAIC’s latest data breach report, released last month, showed breach notifications were up 19% in the six months to December 2023, with Australia’s health sector by far the worst affected. The report showed that malicious attacks remain the most common form of breach, and comprise two-thirds of all breaches. A separate study by Infoxchange suggested 12% of NFPs suffered a cybersecurity incident in the past year.
Australian Information Commissioner Angelene Falk used the latest report to reiterate the dangers of outsourcing personal data handling to third parties.
Ms Falk said the OAIC had witnessed a high number of multi-party breaches, most as a result of a breach of a cloud or software provider.
“Organisations need to proactively address privacy risks in contractual agreements with third-party service providers,” Ms Falk said.
Fundraising Institute Australia (FIA), the Australian Securities and Investments Commission (ASIC), and the Australian Charities and Not-for-profits Commission (ACNC) have also warned organisations in recent months to be more careful when dealing with third-party operators that have access to personal data.
Earlier this month, the Australian Signals Directorate (ASD) released a guide to cybersecurity for charities and not-for-profits. It forms part of a bank of resources available to the sector, including ICDA’s cybersecurity self-assessment tool, released last year.
The ASD’s guide provides suggestions on preventing attacks and preparing for them too.