Platinum Telstra Partner Struck by a Cyberattack
Schepisi Communications, a platinum Telstra Partner, provides voice, mobiles and data services to a range of enterprise, business and SME customers. Last week, the Melbourne-based telecom provider was struck by a cyberattack. Not long after, hackers posted a disturbing ransomware note on the dark web, giving Schepisi 240 hours (10 days) to communicate and cooperate with the cybercriminals. The gang likely posted the same note on the victim’s systems.
Sensitive Data Stolen
The hacker’s note claims to have stolen sensitive information, including “data on mobile devices, tens of thousands of SIM cards and a lot of information for them, financial information, contracts, banking information, and more”. Telstra has already confirmed that a security breach has affected one of their dealers. According to a spokesperson, Telstra is aware of unauthorized access to certain confidential information, but also assured that the affected systems are not connected to Telstra’s network.
Dealing with a Triple Hit
The hackers are using a triple-pronged approach. This means that they are affecting their victim in three different ways. First, they steal their data. Next, they encrypt it. This is to ensure that the victim can no longer access their systems without the criminal’s help. Lastly, the hackers shut down the victim’s website with a simple DDoS attack. To prove their point, the hackers have already leaked some of Schepisi’s documents on the dark web. The documents show what appear to be the names and phone numbers, as well as information on some of Schepisi business customers. These include multinational Nestlé, a Melbourne radio station, a local property management firm and a financial service company.
Avaddon Gang the Culprit
The gang behind the attack used Avaddon malware to gain access to Schepisi’s systems. Avaddon is a Maze-like computer virus that emerged in the summer of 2020. The ransomware is typically propagated through phishing emails that are seemingly innocent or spark the curiosity of users. Once attacked, victims see a ransomware note in every folder with encrypted files. Just like Maze, the Avaddon gang may leak some of the stolen data on a fit-for-purpose data leak site on the dark web to scare victims into paying the ransom. What makes Avaddon more unique is that, in addition to encrypting files and removing shadow copies or normal back-ups, it also tries to delete system backups. Further, the malware can disable automatic system restoration tools and also empties the recycle bin.
Free Decrypters for Ransomware Victims
To help victims of ransomware, law enforcement agencies and IT Security Companies have joined forces to disrupt cybercriminals’ businesses. For example, on the No More Ransom website they offer victims tools to retrieve their encrypted data without having to pay the criminals’ ransom. Victims can also upload an encrypted file in order to check, using “Crypto Sheriff”, whether a different solution is available. Unfortunately, there is no decrypter available for the current version of Avaddon ransomware. Earlier this year, a Spanish student released a free open-sourced tool to decrypt systems infected with Avaddon. However, the Avaddon gang soon found out and updated their code. This effectively negated the tool’s capabilities.
