Ransomware Hits Australian Telecom Provider Telstra’s PartnerAvaddon Group Claims It Stole SIM Card Data, Banking Information
A ransomware gang claims to have stolen SIM card data and banking information in an attack on Schepisi Communications, a service provider to Australian telecommunications company Telstra, local news outlet News.com reported.
Among the Telstra customers affected by the breach are Nestle, a radio station, an Australian property management firm and a financial services company based in Victoria, according to the news report. Schepisi Communications provides phone numbers and cloud storage services to certain Telstra customers.
It's unclear when Schepisi Communications sustained the breach, but News.com noted the company’s website was down last week. A spokesperson for the company told News.com that personal details of customers were not exposed.
On Tuesday, the local news site iTWire reported that the Avaddon ransomware group posted a ransom note in a dark web forum claiming to be responsible for the Schepisi Communications hack.
The group claimed the hacked data included details of mobile devices, SIM cards and banking information on thousands of Telstra customers. The hacker also threatened to leak sensitive Schepisi Communications data if the company fails to pay the ransom demand within 10 days.
Telstra and Schepisi Communications could not be immediately reached for comment.
In addition to Schepisi Communications, the Avaddon group is believed to have compromised the New South Wales branch of Australia's Labour Party, according to iTWire.
Avaddon ransomware was first spotted in the wild in February 2020 by security firm Trend Micro. In June 2020, Trend Micro revealed that the strain is spread as a malicious image file in email attachments. When downloaded, the malware encrypts the files in the victims' devices with the .avdn file extension.
"Users will see that their system desktop's wallpaper has been automatically changed to an image that states that "all your files have been encrypted" and refers to the ransom note," Trend Micro noted.
By October 2020, the Avaddon group reportedly was leveraging distributed denial-of-service attacks against victims to force them to pay the ransom.
A recent report by security firm Awake noted Avaddon operates under a ransomware-as-a-service model and demands a ransom between $150 and $900 from its victims. Awake also noted that because the group uses strong encryption keys, it is impossible to decrypt the files without the key that was used to encrypt it.
Surge in Ransomware
A report by security firm Sophos found that ransomware attacks steadily rose in 2020, with the average ransom payout rising by 21% in the first quarter and the amount tripling by the fourth quarter.
"Ransomware threat actors understand how expensive downtime can be, and have been testing the upper limit of what they can extract in a ransom attack," the Sophos report notes.
More ransomware gangs worldwide have been exfiltrating data and demanding a ransom under threat of publishing it, as in the Telstra incident.
"The list of ransomware families that engage in this practice continues to grow, and now includes DoppelPaymer, REvil, Clop, DarkSide, Netwalker, Ragnar Locker and Conti, among many others," the Sophos report notes. "The attackers operate 'leaks' sites, where they publicize what data they’ve stolen; REvil allows anyone to buy the data from them right from its website."