Powered by
MOMENTUM
MEDIA
The Legal Practice Board of Western Australia has suffered a ransomware attack, with hackers claiming to have exfiltrated 300 gigabytes of data, including limited contact details & correspondence and bank account information.
Editor’s note: This article was originally published on Lawyers Weekly’s sister brand, Cyber Daily.
In the post, dated 26 May, the hackers shared some details of the data exfiltrated; however, due to an injunction, Cyber Daily is unable to report on the contents of what has been published.
The Legal Practice Board of Western Australia has confirmed it is aware of the actor’s claims.
“The Legal Practice Board (the Board) is currently investigating a cyber incident which has resulted in some of its systems being taken offline, including the board’s online services,” a spokesperson for the board told Cyber Daily.
“The Board is working to restore access to systems as soon as possible and has implemented manual workarounds to ensure that we can continue to deliver key services, including processing applications and renewals for Australian practising certificates. We apologise for any inconvenience caused while this work is underway.
“We are also investigating the nature and extent of this incident as a priority, with support from external experts.”
According to the board, limited correspondence and contact details have already been disclosed by the incident, including operational and resourcing information. "Bank account details for the Board and some legal practices" have also been compromised.
“We would like to assure our stakeholders that we have not detected any impact to sensitive information at this time. We will provide further updates as we know more,” the spokesperson said.
“The board has also obtained an injunction to prevent any access, dissemination or sharing of any data impacted by this incident. Any attempt to access this data would be in contravention of this court order.
“The board is also working closely with Cyber Security Western Australia – part of the Office of Digital Government, in the Department of Premier and Cabinet, and other relevant authorities in response to this incident. Further updates will be provided as needed as the response progresses.”
Little is currently known about the Dire Wolf operation, and it has so far posted only six victims to its leak site, all on 26 May. According to the group’s About page, “We are a group of hackers who only seek money.”
“No morals, no political stance, no LGBT.”
The gang claims to utilise double-extortion techniques, both stealing and threatening to publish data, and encrypting that data, forcing victims to pay a ransom in order to purchase a decryptor to unlock their files.
Dire Wolf’s contact page provides a Tox messaging ID and claims that the gang is based in New York. The copy on the site suggests that the hackers are at least familiar with English, if not native English speakers.
The Legal Practice Board of Western Australia is a public sector, independent statutory authority that issues practising certificates and assists the Supreme Court of Western Australia with new admissions to practice.
“The board also supports the legal profession and the community by providing educational and professional development services, and promoting clear and comprehensive information,” the board said on its website.
In the 2023–24 financial year, the board issued 8,094 practising certificates.
Login
