Security Market Segment LS
Wednesday, 05 May 2021 13:09

NSW Labor takes a hit from Windows Avaddon ransomware Featured

NSW Labor takes a hit from Windows Avaddon ransomware Pixabay

The NSW branch of the Labor Party appears to have suffered a Windows ransomware attack, with the Avaddon strain having been used to attack the party's network.

Contacted for comment, a party spokesperson told iTWire: "The matters raised are of serious concerns. We have referred the matter to police and we are conducting a full investigation."

This is the second attack by this gang on an Australian entity over the last few days, with the website of the Telstra dealer, Schepisi Communications, having been taken offline after it was hit.

On its site on the dark web, the group said NSW Labor had about 10 days left to make contact and "co-operate with us". Else, it said, data that had been stolen would be leaked.

It claimed data about contracts, confidential information and contracts, drivers' licence details, passports, employment contracts, and resumes had been stolen.

The Avaddon gang also threatened to hit the party's website with a distributed denial-of-service attack and claimed that any data that had been encrypted would not be able to be decrypted using any external tool.

Photocopies of an Australian passport, a driver's licence and a number of other documents have been posted online.

Avaddon has not been used in many attacks as other strains of Windows ransomware. Prior to the attack on the Telstra dealer, only two other hits were reported by iTWire: one on an aircraft leasing asset manager and the other on a small businessman in Columbus, Ohio.

The security firm Emsisoft, which specialises in tackling ransomware, said in its latest report on the cost of ransomware in 2020 that there had been 2775 attacks on Australian organisations, based on submissions made to the ransomware identification service, ID Ransomware.

But this was believed to be only a quarter of the actual number, Emsisoft added.

Update, 7 May: Ashwin Ram, a cyber security evangelist at infosec firm Check Point, commented: "Check Point Research warned a number of times last year about the spread of ‘Avaddon ransomware’ via the well-established Phorpiex botnet.

"According to Check Point threat intelligence in November 2020, Phorpiex was the top malware family, responsible for distributing many malware families including ‘Avaddon ransomware’, which is claiming responsibility for the attack.

"According to our researchers, Avaddon is a relatively new ransomware-as-a-service (RaaS) variant, and its operators have again been recruiting affiliates to distribute the ransomware for a cut of the profits."

H. Daniel Elbaum, chairman and co-chief executive of sec outfit VeroGuard Systems, said: “Any organisation that holds valuable personal or business data on their servers is a target for cyber attacks. Unfortunately for political parties like NSW Labor, these factors are exponentially increased due to the sensitive nature of the data they hold, and the publicity and disruption hackers can generate from these attacks.

"What this attack shows is that no organisation is immune to attack. In fact, the frequency and likelihood of these attacks, which recently includes schools and hospitals, has been further exacerbated by the current trend to move everything to the cloud, providing cyber criminals with greater attack options.

"Protecting access to our systems The most important requirement for safeguarding cyber infrastructure is to positively assure the authentication of a user requesting access to the cyber infrastructure and services. All privacy safeguards in place are useless if a hostile intrusion can be disguised as coming from an assumed trusted source.”

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News