Ransomware mitigation alert

12 April 2022
The department is advising all funded agencies to be on alert for a type of ransomware known as BlackCat (also known as ALPHV). This ransomware exploits vulnerabilities on unpatched systems (e.g. unpatched Microsoft Exchange Servers) to first steal and copy data before encrypting devices and then threatening to publish the data if the ransom is not paid.

A ransomware attack is when an attacker restricts access to files and systems by encrypting them into a locked and unusable format. The encrypted files are then held for ransom. In some cases, even when the ransom has been paid, the data may not be destroyed, may be sold to a third party, or may be made publicly available.

What do I need to do?

Please speak with your IT department or your IT service provider to ensure your organisation is following best practice security controls to mitigate this threat, for example implementing multifactor authentication and establishing regular patching on servers.

Where can I get more information?

You can get more information about the specifics of the BlackCat ransomware and recommended actions from the VPDSS SharePoint Site. In addition, consider subscribing to the Australian Cyber Security Centre's Alert Service to receive alerts about the latest threats and vulnerabilities within an Australian context, and how to address cyber risks, here: https://www.cyber.gov.au/partner-hub/acsc-partnership-program