AAP
Business
Marion Rae

Russia, Ukraine hackers run ransomware ops

Defence Minister Peter Dutton has warned Australian firms to expect cyber attacks from Russia. (AAP)

The war has not diminished the threat to Australia from "cyber criminal superpowers" Russia and Ukraine, a leading cyber security strategist warns.

Targets of ransomware attacks - a growing threat to the digital economy - have ranged from logistics giant Toll Group to hospitals in Victoria in recent years.

One of the criminal groups aligned with Russia in its invasion of Ukraine is Conti, Defence Minister Peter Dutton has said.

"The Ukrainian side of Conti is still the most active cyber actor we observe in Australia, even over the last couple of weeks," security expert Ryan Kalember from US firm Proofpoint said on Thursday.

"We see them sending millions and millions of malicious messages."

Many Russian and Ukrainian cyber criminals are working together, he told AAP.

"There's a lot of cyber adversary talent in both countries - those are perhaps the two cyber criminal superpowers."

Conti is the most successful ransomware-as-a-service (RaaS) operator and Australia has one of the world's highest rates of ransomware impacts, Mr Kalember says.

Ransomware is a form of malicious software, or malware, that can lock out computer users.

Hackers then demand money in exchange for restoring access to data and systems.

"That has a high likelihood of being the most disruptive event any organisation will experience," Mr Kalember said.

"You have a relatively high rate of cyber insurance, where policies pay out, and a lower rate of spending on defence."

While companies remain a target for ransomware, he says Australians also need to watch out for Ukraine-inspired fraudulent donation emails, similar to scams run after floods and bushfires.

Defence Minister Peter Dutton this week identified Conti as being behind 13 successful ransomware attacks on Australia, including attacks on critical infrastructure.

Conti's operation includes malware coders, administrators and English-speaking negotiators who extract payments.

Toll suffered two ransomware attacks in 2020, one locking systems for weeks with malware thought to have infected 1000 servers.

While most Australian criticism has focused on China in recent years, Russian agencies and their state-sponsored hackers have sought to attack the systems and networks of Western economies for decades.

"We are not exempt from this attack," Mr Dutton said at the opening of a new Australian Signals Directorate facility.

"In fact we are a target, as a western democracy, as a nation who stands up for her values, a nation that believes in the international rule of law, we are a huge target in the modern age."

He said reprisals expected from Russia and others in the next few years should be acknowledged and recognised.

Companies also need to ramp up their workforces to withstand attacks.

But China remains the most significant cyber threat, and most likely to use it as a tool of state, Mr Kalember says.

"That's mostly been around industrial espionage, which we know is aligned with their 'belt and road' initiative and longer term economic goals."
