Latest News

How LockBit's Attack on OracleCMS Unfolds a Cautionary Tale 

On April 4th, the well-known ransomware group, LockBit, launched a stealthy cyber-attack on OracleCMS, a prominent Australian call centre operator. By April 12th, details of the attack were publicly revealed on LockBit's own leak site—a chilling showcase of the group's reach and impact. 

OracleCMS, which operates contact centres across Australia, found itself in a dire situation when LockBit released over 60 terabytes of compressed data. This colossal breach included sensitive billing and financial documents, as well as a treasure trove of client information. The data, regrettably, featured extensive details from local councils, aged-care facilities, law firms, and even religious organisations like the Queensland chapter of the Philadelphia Church of God. 

Among the leaked documents were on-call mobile numbers, extensive Excel spreadsheets, and details as minute as the location and meter IDs of every parking meter in the City of Sydney. More alarmingly, there were records of phone calls made to aged-care providers reporting serious issues such as diseases and instances of domestic abuse. While it appeared that no personally identifiable information was directly exposed, the breach still posed significant privacy risks. 

What Does This Mean for You? 

If you're concerned about the possibility of falling victim to a similar cyber-attack, here are some actionable tips to safeguard your data: 

• Stay Informed: Awareness is your first line of defence. Keep up-to-date with the latest cybersecurity trends and threats. 
  
• Use Strong, Unique Passwords: Ensure that your passwords are robust and unique across different services. Consider using a password manager to keep track of them. 
  
• Enable Two-Factor Authentication (2FA): Adding an extra layer of security can significantly reduce the risk of unauthorized access. 
  
• Regularly Update Software: Keep your operating system, antivirus software, and applications up-to-date to protect against known vulnerabilities. 
  
• Back Up Your Data: Regular backups can be a lifesaver in case of data loss or a ransomware attack. Ensure these backups are secure and not connected to your main network. 
  
• Educate Your Team: If you run a business, make sure your employees are trained to recognize phishing attempts and other common cyber threats. 

What If You're Caught in a Ransomware Attack? 

If you find yourself in the grip of a ransomware attack, here’s what you can do: 

• Do Not Pay the Ransom: Paying the ransom does not guarantee that you'll get your data back. It also encourages the perpetrators to continue their criminal activities. 
  
• Disconnect from the Network: As soon as you detect a breach, disconnect affected devices from the internet to prevent further spread. 
  
• Notify Authorities: Contact the Australian Cyber Security Centre (ACSC) through the web site https://www.cyber.gov.au/report-and-recover/report, or call the Hotline on 1300 CYBER1 (1300 292 371). 
  
• Consult Cybersecurity Professionals: Consider hiring experts who can help recover your data and secure your systems from future attacks. 
  
• Communicate Transparently: If client data is involved, inform them about the breach responsibly and transparently, explaining what steps you are taking to address the issue. 

The attack on OracleCMS serves as a potent reminder of the ever-present cyber threats in our interconnected world. By taking proactive steps and preparing for potential cyber incidents, businesses can better protect themselves and their sensitive data.