Share this article on:
The LockBit ransomware gang is threatening to publish more than 40,000 files stolen from the Wattle Range Council.
A South Australian council is the latest victim of the LockBit ransomware gang, with the criminals posting details of the attack on their darknet leak site overnight.
LockBit posted a series of sample images of documents and file structures that appear to have been stolen from the council, alongside a deadline of 4 August to pay an unspecified ransom amount.
According to a screenshot of the properties of a folder labelled only “data”, LockBit has stolen 103 gigabytes of data in more than 7,000 folders, totalling 46,248 files. Other screenshots of the file structure show dozens of PDFs, images, and other documents.
Also included in the ransom post are actual document samples, including a complaint notice sent to a local resident, a rate notice sent to another resident, and a BankSA Business Banking Online Amendment Application with what appears to be five credit card numbers listed.
Other documents include a tax invoice and a list of cash transactions at the Southern Ocean Tourist Park with customers’ names and the locations of where they stayed at the site.
The documents all appear to be legitimate and were accessed between 20 and 24 June.
Wattle Range Council is aware of the incident.
“Our ongoing investigation has confirmed that some Wattle Range Council data has been accessed and taken from our IT environment. A priority of our investigation is to determine exactly what information was involved, and who it relates to,” the council said in a statement posted to its website after being contacted by Cyber Daily.
“At this stage, we believe the information largely relates to files taken from a legacy server, which primarily contains publicly available information and internal working documents.
“We are also aware that earlier today, Wattle Range Council has been named on a post on the dark web, alongside a sample of data which we are now reviewing as a priority. We have monitoring in place to detect any further developments or publication of our data and will provide further updates as required.
“In line with government guidance, we urge that no one tries to access the post or the stolen data, which only feeds the business model of cyber criminals and can be a criminal offence.”
The council has said it is monitoring the situation and that the Australian Cyber Security Centre has been informed.
Wattle Range Council had a population of more than 11,000 as of the 2016 Census and is in the Limestone Coast region of South Australia.
LockBit’s been somewhat on a tear in recent days, with the ransomware-as-a-service operation posting the details of 13 victims just on 19 July alone. In the month to date, the gang claimed to have hacked 31 organisations from all over the world and in a range of industries, from hospitals to schools and even the US FBI late last month.
In the last 12 months, the gang has claimed 14 Australian victims, including Nissan Oceania, call centre OracleCMS, and software vendor GaP Solutions.
Cyber Daily has reached out to the Wattle Range Council for comment on the incident.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.