[ad_1]
Exclusive: Dire Wolf claims ransomware attack on WineWorks Australia
Threat actors have claimed a cyber attack on an Australian South Australian wine freight and logistics firm, claiming to have stolen both customer and business data.
Established in 2004, WineWorks Australia is a freight and logistics company servicing the booming South Australian wine industry, with temperature-controlled warehouses and solutions that allows wine to be transported to its destination “in the same condition that your winemaker intended.”
On August 25, the company was listed on the dark web leak site of the Dire Wolf ransomware gang, who claimed to have exfiltrated 22GB of data, including customer information, sales data and financial data.
You’re out of free articles for this month
Dire Wolf also posted a link to a list of exfiltrated files and said that it would “publish all documents” by September 10.
According to the file list, data includes login passwords, vehicle service histories, licenses, wine picking slips and many other business documents, the contents of which are unknown.
Cyber Daily has reached out to WineWorks Australia and is awaiting a statement.
Dire Wolf is a relative newcomer to the ransomware space, first appearing in May when it listed 6 victims at once, including the Legal Practice Board of Western Australia.
In a post on May 26, the group claimed to have exfiltrated 300 gigabytes of data, including limited contact details and correspondence and bank account information.
Within the post, the hackers shared some details of the data exfiltrated; however, due to an injunction, Cyber Daily is unable to report on the contents of what has been published.
Alongside links to sample data, Dire Wolf has published its intended timeline for publishing the dataset. Sample data was published on 26 May, and the gang plans to publish half the files on 15 June, with the remaining to come on 30 June.
The Legal Practice Board of Western Australia has confirmed it is aware of the actor’s claims.
“The Legal Practice Board (the board) is currently investigating a cyber incident which has resulted in some of its systems being taken offline, including the board’s online services,” a spokesperson for the board told Cyber Daily.
“The board is working to restore access to systems as soon as possible and has implemented manual workarounds to ensure that we can continue to deliver key services, including processing applications and renewals for Australian practising certificates. We apologise for any inconvenience caused while this work is underway.
“We are also investigating the nature and extent of this incident as a priority, with support from external experts.”
According to the board, limited correspondence and contact details have already been disclosed by the incident, including operational and resourcing information. “Bank account details for the board and some legal practices” have also been compromised.
“We would like to assure our stakeholders that we have not detected any impact to sensitive information at this time. We will provide further updates as we know more,” the spokesperson said.
Daniel Croft
Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
[ad_2]
