IOTW: Victoria Court recordings exposed in suspected ransomware attack

Court hearings between November 1 and December 21 2023 may have been accessed

Michael Hill
01/05/2024


Australia’s Court Services Victoria (CSV) has warned that video recordings of court hearings were exposed after it suffered a cyber security incident in December. In a statement published this week, CSV said the incident led to unauthorized access that disrupted the audio-visual in-court technology network, impacting video recordings, audio recordings and transcription services. Recordings of some hearings in courts between 1 November and 21 December 2023 may have been accessed, it added. It is possible some hearings before 1 November are also affected.

CSV did not specify who it believes to be behind the attack, but sources speaking to ABC News report that the Qilin ransomware gang carried out the hack.

CSV took immediate action to isolate and disable the affected network and to put in place arrangements to ensure continued operations across the courts, it said. As a result, hearings in January will be proceeding.

CSV working with authorities and cyber security experts

CSV has notified the relevant authorities about the incident, including Victoria Police, whose cybercrime squad is investigating. “We are working closely with the cyber security experts in the Victorian Department of Government Services. We have also secured support from IDCARE, Australia’s national identity and cyber support community service,” CSV stated.

Courts are notifying parties whose hearings may have been affected. “CSV is not currently aware of any recordings being released but will notify the relevant authorities should this occur. Maintaining security for court users is our highest priority and we recognize and apologize for the distress this incident may cause,” it said.

What is the Qilin ransomware group?

Qilin is a Ransomware-as-a-Service (RaaS) affiliate program that uses a Rust-based ransomware to target its victims. Operators of Qilin utilize a double extortion technique, meaning they exfiltrate a victim’s sensitive data in addition to encrypting it. They then demand payment for a decryptor and the non-release of stolen data even after the ransom is paid. Qilin ransomware has various encryption modes, all of which are controlled by the operator, wrote cyber security firm Group-IB.


Qilin is known to target its victims through phishing emails that contain malicious links, which it uses to gain a foothold in the victim’s network and exfiltrate sensitive data. Once Qilin operators have gained initial access, they typically move laterally across the victim’s infrastructure, searching for essential data to encrypt.
