Australia: Tandem Corp hit by Windows ransomware

iTWire - Australian firm Tandem Corp hit by Windows NetWalker ransomware

Australian firm Tandem Corp hit by Windows NetWalker ransomware Featured

Sam Varghese
Wednesday, 02 September 2020

Australian workforce design and delivery firm Tandem Corp has confirmed that it was the victim of a cyber attack recently, with one of its Melbourne offices coming under attack.

The attack was claimed by a group that said it had used the Windows NetWalker ransomware to breach the company's defences.

Screenshots of data, allegedly stolen from the company, a common trait of many ransomware strains, has been listed on the dark web by the group. A Tandem spokesman said at this point, the company was not aware of any data breach that was notifiable under Australian law.

The screenshots include files which appear to contain financial data, personnel information, and also passport details.

The gang behind the attack has given Tandem a little more than 13 days as of today before the data would be released on the dark web.

The Tandem spokesman described the attack as being on a "localised system" and claimed it had not succeeded in encrypting data at the two key data centres where client information is stored.

Tandem, which is based in the Melbourne suburb of Malvern, works with about 2900 subcontracting companies who have more than 5200 workers working in a number of industries.

NetWalker has not been commonly used by criminal gangs in recent times, with only five attacks being worthy of mention over the last few months.

These included an attack on Jands, an Australian company that distributes some leading audio, lighting and staging brands for installation, production and retail industries throughout Australia and New Zealand.

Another attack of note was on Forsee Power, a company that designs and manufactures smart lithium-ion battery systems for electro-mobility markets, with a third being on Trinity Metro, a regional transportation authority of the state of Texas.

Prior to that the University of California in San Francisco admitted it paid US$1.14 million to a gang that used NetWalker to attack its systems. A fifth case was that of Australian customer experience firm Stellar, that also operates across Asia, North America and Africa.

The Tandem spokesman added: "We immediately initiated our incident response protocols, which identified that a localised ransomware attack had occurred.

"We continue to work with our external data security providers and, if any personally identifiable information has been accessed, we will notify those who may have been impacted as well as the appropriate authorities as required, including the Office of the Australian Information Commissioner.

"At this point, we are not aware of a notifiable data breach. Tandem takes data security extremely seriously, and this incident, although localised, is our highest priority.”