Following ransomware disruption
The AFP is urging victims of cybercrime to report ransomware attempts following the disruption of a dangerous ransomware group.
Operation Orcus – a multi-agency ransomware taskforce established by the AFP – received a request from the Dutch National Police last month (September 2022) for assistance in investigating a ransomware group called Deadbolt.
Deadbolt had infiltrated the computers of more than 15,000 people and companies in 13 countries and was demanding payments of about AUD $US1500 from the victims in exchange for file decryption. At least 12 Australians were among those targeted.
Police were able to retrieve more than 150 decryption keys from the ransomware group, which enabled about 90 per cent of reported victims to access their files, photos, and personal data without paying the ransom.
As a result of the disruption, the AFP obtained decryption keys for several Australian victims.
The disruption by police in both countries caused the cybercriminals behind the attack to shut down Deadbolt.
Victims who filed reports were the first people to tip off the police and receive their data back. Unfortunately, for victims who didn’t report it, the chances of retrieving their data were low.
This operation has demonstrated how valuable it is for people to report cybercrime, especially if they have been affected.
AFP Acting Superintendent Ashley Wygoda said the many victims of ransomware attempts, including Deadbolt, were small businesses or people working from home.
“The increased shift to online work and learning during the pandemic left people vulnerable to cyber criminals who sought to take advantage of the community’s high-median wealth,” Acting Superintendent Wygoda said.
“We are seeing cybercriminals employing more intelligent tactics, which can lead to the loss of data, personal information and finances.”
“The AFP is urging people affected by ransomware, or any other cybercrime, to report it as soon as it happens to increase their chances of achieving a positive outcome.”
In July 2021, the AFP established Operation Orcus to coordinate the efforts of national law enforcement agencies against ransomware, including targeting developers and those who utilise Ransomware-as-a-Service.
Working with its partners, Operation Orcus has analysed hundreds of ransomware incidents. Operation Orcus has protected Australian organisations through 18 preventive engagements since July 2022, and prepared advisory reports for other investigative agencies.
Operation Orcus includes partners from ACIC, ACSC (ASD), AUSTRAC and state and territory police.