HWL Ebsworth’s hackers hit with final injunction
A Supreme Court made a final interlocutory injunction against HWL Ebsworth’s hackers from sharing or using the stolen information.
The final interlocutory injunction restrained hackers from the ALPHV, or “BlackCat”, hackers group from publishing the HWL data on the internet, sharing it with any person, or using the information for any reason other than for obtaining legal advice on the court’s orders.
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
Justice Michael Slattery of the NSW Supreme Court said there was some “utility” in making the injunction permanent.
“The court cannot know what effect the grant of an injunction will have against ‘persons unknown’. But the fact threat actors have been prepared to engage in repeated criminal conduct through the original exfiltration … is a strong reason to grant the injunction,” he added.
While it is unaware what effect this injunction will have on the hacker group, the court noted it would be useful to notify potential publishers that they “should not take any steps to frustrate” the orders.
The injunction will also “assist in limiting the dissemination of the exfiltrated material by enabling HWLE to inform online platforms, who are at risk of publishing the material”, Justice Slattery said.
The Russia-based hacking group emailed HWL personnel in late April 2023 with a threat it had taken 3.6 terabytes of “absolutely and highly confidential data” it was prepared to make public on the “dark web” unless the firm paid them at least $4 million.
About a quarter of the information was leaked online when HWL refused, leading to an urgent application for the original injunction.
After this was granted in June 2023, HWL sent the orders to an email address used by the hackers to issue their threats.
In response, the hackers replied: “F*** you f******”.
“Court infers from the terse three-worded message … that some of the threat actors were displeased that HWLE had taken legal proceedings rather than paying the ransom,” Justice Slattery said.
Ten days later, the sample cache of HWLE data could no longer be found on the dark web forum where it had previously been identified.
According to reporting from Lawyer’s Weekly’s sister brand, Cyber Daily, the hack impacted Australian Federal Police personnel, 65 government agencies, and organisations like the big four banks.
It was also reported some victims were unaware their data was stolen until six months after the injunction was granted.
When considering the permanent injunction, Justice Slattery raised the question of what might happen if some of the unknown members of the BlackCat hackers group were identified.
While there is “no compelling reason” to expect that to happen, Justice Slattery said HWL may wish to seek further relief against any identified individuals and permitted the firm liberty to apply to seek to join as named defendants any of those individual people.
Following the hack, the National Office of Cyber Security conducted a review of the “lessons learnt”, including maintaining public communications, timely and accurate data analysis, and consideration of a broader group of stakeholders.