[BreachExchange] Car auction house hit with $30 million ransom demand after crippling cyber attack

Destry Winant destry at riskbasedsecurity.com
Wed Mar 11 10:08:51 EDT 2020


https://www.smh.com.au/business/consumer-affairs/major-company-with-perth-office-faces-30-million-ransom-demand-after-cyber-attack-20200310-p548lo.html

Cyber criminals have sent a $30 million ransom demand to one of the
country's biggest car auction houses after using malware to lock it
out its computer system.

The Australian branch of Manheim Auctions has previously confirmed it
was the target of a ransomware attack on February 14 but in a
statement released on Tuesday, WA's Consumer Protection agency
revealed the extent of the attack and how much the cyber criminals
were asking for.

Manheim's national operations have ground to a halt as a result of the attack.

Manheim has locations right across the country and sells cars over its
website, which has been offline since the attack.

Manheim took to its Facebook page after the attack to tell customers
it had restricted access to some its computer systems.

Consumer Protection WA said the Manheim had assured it that clients'
personal data had not been compromised and had indicated it would not
pay the ransom.

It also said the company had called on IT experts from its United
States arm to restore operations and create a new website.

Manheim has been approached for comment.

Consumer Protection WA likened the ransomware attack to the one that
hit Toll Group two weeks earlier, disrupting freight and parcel
deliveries.

In early February, Toll Group was hit with a variant of ransomware
known as Mailto, which infected 1000 servers and crippled the freight
giant for a month as it worked to remove the virus from its systems.

Commissioner for Consumer Protection WA Penny Lipscombe used the
attacks as a warning for complacent businesses.

“Often the ransomware is downloaded by an employee who opens an
attachment in a scam email or clicks on a link, giving the cyber
criminals access to the computer system,” she said.

“The system is locked by the criminals and files encrypted, followed
by a ransom demand to have the system unlocked.

"Of course, we recommend that companies do not pay the ransom as the
criminals are likely to come back asking for more money.

“Paying will also give the criminals added incentive to continue their
illegal and highly disruptive practices. Instead, seek expert IT
assistance to have the computer system restored.”

Ms Lipscombe said all businesses should review and update their cyber
security efforts.

"Staff also need to be trained not to automatically open attachments
or click on links in emails, especially if the sender is unknown. Even
when senders are known, staff should be vigilant as accounts may have
been hacked," she said.


More information about the BreachExchange mailing list