Another Australian firm has faced a ransomware attack, with the notorious BlackCat ransomware gang, a.k.a. ALPHV, claiming to have stolen a total of 375 GB of data from real estate business LJ Hooker Palm Beach.
The threat actor has claimed to have downloaded the data from the Australian real estate giant’s file server. According to sources, the hackers stole multiple files, including but not limited to the company’s internal data, personal data, employee and applicant CVs, DLs, IDs, accounting data, financial reports, loan data, insurance, agreement documents, and client information.
*repost*
I have removed my former tweet on this as I had the incorrect LJ Hooker franchise. The victim posted by Alphv #ransomware is Palm Beach in #newsouthwales #cybersecurity #infosec #auspol #Australia #Sydney pic.twitter.com/tdY1XGi4fc
— CyberKnow (@Cyberknow20) December 5, 2022
LJ Hooker is one of the largest real estate franchises with operations spread across the United States of America, Australia, and other regions, with over 700 franchises and 8,000+ staff. BlackCat added LJ Hooker to its victim list on November 30.
This is the third major cyber attack on Australian entities in three months, after Optus in October and Medibank in November.
BlackCat a.k.a. ALPHV
BlackCat has been involved in many cases in the last couple of months and has successfully infiltrated large corporations. In September 2022, the threat group upgraded and added a new data exfiltration tool, which became a popular threat mechanism in the underground markets and was sold for its double-extortion attacks.
Australian authorities classified ALPHV in 2021 as a “ransomware-as-a-service” gang connected to “Russian-speaking cybercrime actors”. The group poses an “increased” threat to the government and critical national infrastructure (CNI) facilities, according to the classification.
The gang broke into the networks of at least 60 businesses throughout the world between November 2021 and March 2022, said a flash alert from the Federal Bureau of Investigation (FBI).
“BlackCat/ALPHV ransomware leverages previously compromised user credentials to gain initial access to the victim system. Once the malware establishes access, it compromises Active Directory user and administrator accounts. The malware uses Windows Task Scheduler to configure malicious Group Policy Objects (GPOs) to deploy ransomware,” read the flash alert.
Australian real estate and ransomware attacks
“Real estate agents facilitate the sale of million-dollar assets on a regular basis, and their data can contain a trove of sensitive financial and personal data that presents an attractive target for the perpetrators of online fraud,” read a report by cybersecurity firm Intalock on cyber attacks on the Australian real estate sector.
Australian real estate company Harcourts faced a cyberattack in October, exposing the personal data of renters, landlords, and contractors. According to the company, an unidentified third party gained access to a representative’s account at the franchisee’s administrative support service Stafflink.
In May, online real estate platform Domain was hacked and attackers accessed private data including email addresses and phone numbers. The criminals used a phishing email to trick people into thinking they had enquired about a home and could secure the rental by paying a deposit.