This article reports that Court Services Victoria, which operates court services in Australia’s Victoria state, has been targeted by a ransomware attack. The attack, described as a “cybersecurity incident,” was detected on December 21 and resulted in unauthorized access to the court’s audio-visual in-court technology network. As a result, video recordings, audio recordings, and transcription services were disrupted. The attack potentially compromised records of some hearings between November 1 and December 21, as well as some records before November 1. However, no other court records or systems were accessed. Court Services Victoria has taken immediate action to isolate and disable the affected network and is working with cybersecurity experts to investigate the attack. They have also notified relevant authorities and are working on notifying affected individuals.
The specific form of the attack has not been disclosed, but staff at Court Services Victoria reportedly received a message on their computers stating “YOU HAVE BEEN PWND.” The message directed court staff to a text file in which the hackers threatened to publish the stolen records unless a ransom payment was made. A cybersecurity expert cited by the Australian Broadcasting Corp. claims that the Qilin ransomware was used in the attack and suggests that it may have originated from Russia. However, Qilin ransomware is offered on a ransomware-as-a-service basis, meaning that an affiliate could have been responsible for the attack and may be located anywhere.
Qilin ransomware, also known as “Agenda,” was first documented in August 2022. It initially operated as Go-based ransomware but switched to using the Rust programming language in December 2022. Qilin ransomware attacks typically involve the use of phishing emails to gain initial access to targets, followed by the encryption and theft of sensitive data. The group behind Qilin primarily targets entities in critical infrastructure, education, and healthcare across multiple countries, including Australia, Brazil, Canada, France, and the U.S.
This ransomware attack on Court Services Victoria highlights the ongoing threat of cyberattacks targeting critical infrastructure and government services. It underscores the importance of robust cybersecurity measures to prevent and mitigate such attacks. Organizations must remain vigilant and prepared to respond to evolving cyber threats to protect their data and operations.