Otago Daily Times

Stolen RBNZ data could be leaked

- CHRIS KEALL

AUCKLAND: A United States law firm caught up in the same data breach as the Reserve Bank has had some of its stolen files leaked online by a ransomware gang.

A security expert says that means it is possible that some of the RBNZ’s stolen files, described by the bank as ‘‘sensitive’’, could be leaked on to the internet.

Ransomware gangs typically make small amounts of data public in a bid to pressure a victim to pay millions for the return of the rest. That was the case with an attempt to blackmail F&P Appliances last year, although the whiteware maker refused to pay.

Hackers in mid-December breached the security of US company Accellion’s file-sharing service called FTA, used by the Reserve Bank and other customers to transfer large files.

Other organisations affected included Singapore’s largest phone company SingTel, the Australian Securities and Investments Commission and the Washington State Auditor’s Office in the US.

Giant US law firm Jones Day, recently in the news for dropping high-profile client Donald Trump, confirmed to Law.com yesterday that it also lost files in the Accellion hack.

The site said Jones Day files had been leaked online by a ransomware gang known as Clop, which has been behind a number of high-profile cyber-heists. The New Zealand Herald was shown links and screenshots indicating this was the case.

Clop later told the Wall Street Journal it had more than 100 gigabytes in files taken from Accellion customers.

A ZDNet report says Clop has a history of combing through stolen documents, looking for details that can be used to blackmail top managers.

Brett Callow, a threat assessment expert with security company Emsisoft, told The Herald:

‘‘If Clop was responsible for the attack on Accellion, it means that Clop may also be in the possession of data relating to RBNZ and the other Accellion customers.

‘‘It also means that those organisations’ data may end up being posted online, as Jones Day’s data already has.’’

Mr Callow added, ‘‘Another possibility is that Clop bought the data for the purpose of extorting Jones Day, or came to a revenue-sharing agreement with the group responsible for the attack on Accellion. That’s no better though, as it would mean the data is up for grabs.’’

Clop said in a statement to the Wall Street Journal yesterday that it contacted Jones Day on February 3, but that negotiations had yet to begin.

The Reserve Bank has been asked for comment, and whether it has received a ransomware demand.

Earlier, the bank said it had identified ‘‘sensitive’’ files that had been exposed in the data breach, and that it was talking to the parties concerned. However, the RBNZ has not said what information was exposed, or who it belonged to.

It is likely the Reserve Bank was using Accellion’s FTA (File Transfer Appliance) to share files with retail banks and insurance companies.

A spokesman said yesterday it was unlikely the RBNZ would ever say what files were stolen, citing security reasons.
