The Northern Territory Government has revealed the supplier of one its cloud-based IT systems was targeted in a ransomware attack, forcing the system offline for three weeks — but it insists the integrity and confidentiality of government data was never compromised.

Key points:

  • NT Government security systems blocked 46 million suspicious emails last year
  • Cyber criminals used COVID19 to try to lure public servants into sharing sensitive data
  • At least one public servant was tricked into purchasing gift cards for a scammer

Ransomware is a form of malicious software that can lock computer files and disable passwords until the victim either pays a ransom or alternative measures are implemented.

The NT Department of Corporate and Digital Development has told the ABC that an undisclosed perpetrator targeted the unnamed supplier of its web-based corporate software system last year.

“In 2020, a supplier to NT Government … was compromised and subsequently ‘ransomwared’,” the department said in a statement.

“The system was unavailable for three weeks whilst the vendor recovered the environment.”

Instead of paying the ransom, the supplier worked with the Australian Cyber Security Centre and NT Government officials to overcome the issue.

“They took the system offline and restored it from backup copies,” the department said.

Business continuity plans were implemented to maintain services during the system outage, it said.

“The confidentiality and integrity of NT Government data was not impacted as a result of the incident.”

46 million suspicious emails blocked

The ransomware attack was one of a multitude of online security incidents dealt with by the department last year — the majority of which were curtailed by protection systems.

Of the 68 million emails sent through the NT Government’s network last year, around 46 million — or almost 70 per cent — were blocked at the gateway due to suspicious and malicious content.

NT public servants were also targeted by a series of coronavirus-themed phishing attempts.(ABC 7.30)

But some emails still managed to trick public servants.

In one case, a staff member received a so-called “spoofed” email impersonating a known contact, the department said.

The email sought financial assistance from the unsuspecting recipient through the purchase of $300 worth of gift cards.

“The NT Government employee did not check with the person impersonated before taking action to personally purchase iTunes gift cards and email the iTunes gift card details to the scammer.”

The department said card details would likely have been on-sold by the perpetrator.

The incident was referred to NT Police and the employee was reminded about the tactics used by cyber criminals, the department said.

“There are never any circumstances where a legitimate business or government department will ask for payment in this way,” it said.

Public servants targeted by COVID-19 scams

NT public servants had also been targeted by a series of coronavirus-themed phishing attempts throughout 2020, the department said.

Phishing is a form of cyber fraud where perpetrators use seemingly legitimate emails to lure victims into providing sensitive information, including usernames, passwords and other important data.

In one case, staff at the NT Department of Trade, Businesses and Innovation were sent an email with the subject line “AU Health Department sent you ‘Coronavirus Covid-19 Relief Fund.pdf’.”

A screenshot of the scam email sent to NT Government staff.
Staff at the NT Department of Trade, Businesses and Innovation were sent this email.(Supplied: NT Government)

The email created a sense of urgency by advising recipients to click on a link, which was due to expire within six days.

“Malicious documents are occasionally downloaded, however, the anti-virus software running in the NT Government computing environment detects and removes them,” the department said.

In another scam, a customer service email account for the Power and Water Corporation was “spoofed” in an attempt to get sensitive information from recipients.

The department said it had security measures in place, including multi-factor authentication, to prevent NT Government log-in details being used fraudulently from outside its network.

From ABC News : www.abc.net.au