The HWL Ebsworth ransomware attack shows the importance of understanding your data
RecordPoint
Giving highly-regulated organizations a competitive edge with safer, more secure, better managed data.
Hi there,
Welcome to FILED Newsletter, your round-up of the latest news and views at the intersection of data privacy, data security, and governance.
This month:
But first: Time to get serious about ransomware.
Ransomware is on the rise; you need to prepare
The impact of the HWL Ebsworth ransomware attack continues to grow, with a subsidiary of Regional Express airline (Rex) and Judo Bank announcing they had been exposed as part of the hack.
The Australian law firm was a victim of a cyberattack from Russian-linked ransomware gang ALPHV/Blackcat in late April, with 3.6TB of data stolen and 1.4TB of the data published on the dark web in June.
Rex said “confidential exchanges” between it and a client had been exposed, though Rex Airlines had not been affected, while Judo Bank said it had provisionally contacted customers and employees it believed may have been impacted.
The firm has several hundred clients, making this a supply chain attack.
These clients include the Victorian and Queensland governments, who have also been caught up in the breach. In the case of Victoria, the attackers published highly sensitive legal documents on the dark web. Telecommunications provider Optus was also impacted, less than a year after its own attack for which it faces legal action.
These ransomware hacks sometimes play out in slow motion over a long period, with a steady drip of new details and new victims. So far, the firm says it has spent 5000 hours and AU $250,000 fighting the hack. This process can feel especially drawn out when the target doesn’t know the scale of the impact because they can’t tell what data has been taken. When you have a client list as long as Ebsworth’s, it can feel daunting to consider what other sensitive discussions may be contained in that 3.6TB of data.
Ransomware attacks are growing, and the ecosystem that supports them is evolving. A new report from security consultant and anti-ransomware vendor Halcyon says a seemingly innocuous cloud hosting provider, Cloudzy, may be a front for an Iran-based company that provides command-and-control services to ransomware attackers. The report says threat actors connected to Russian, Chinese, Iranian, and North Korean governments had used Cloudzy’s services, which do not require formal identity verification and accept cryptocurrency as payment. Such services make ransomware attacks easier to launch.
From chaos to confidence
Contrast this disruption with Fortescue Metals, which shrugged off a ransomware attack (from threat actor Cl0p, who we discussed here last month) as a minor incident. Their tone? Confident.
Based on lessons from our customers, here is our advice for gaining this tone:
Ultimately organizations that know their data, its location, and who can access it can confidently respond to these attacks. You must focus on building a comprehensive picture of the data you hold, its level of risk, and who has access. Then you can make better privacy decisions to remove what you don’t need and secure the most sensitive information.
Otherwise, you risk ending up like Ebsworth, or like Optus, which, nearly a year after its own cyberattack, says it still does not know how much data was stolen.
Enjoying this edition of FILED so far? Read the full version, and sign up to get next month's email in your inbox.