Russian hackers, identified as the AlphV or BlackCat ransomware gang, have claimed responsibility for a string of cyberattacks on Victorian businesses.

The group claims to have stolen approximately 4.95 terabytes of data from companies including TissuPath (a pathology company), Strata Plan (an owners corporation service provider), Barry Plant Blackburn (a real estate agency), and Tisher Liner FC Law (a business and property law firm).

This attack follows the group's threat to publish 1.45 terabytes of data on the dark web back in June after Australian law firm HWL Ebsworth refused to meet their ransom demands. 

The hackers are reportedly extorting these companies over the stolen data.

AlphV has also warned of a forthcoming campaign of emails and calls to the clients of these companies, offering them the option to pay to prevent their data from being publicly leaked.

The nature of the stolen data remains unclear, but TissuPath has reported that patient names, dates of birth, contact details, Medicare numbers, and private health insurance details were exposed. 

The pathology company says it is working to contact all affected individuals.

The cyberattacks are linked to Melbourne-based IT firm Core Desktop, which provided services to TissuPath, Strata Plan, and Barry Plant Blackburn. 

Core Desktop discovered the breach on August 22, 2023, citing a targeted client-side phishing attack as the potential entry point. Core Desktop has since taken steps to regain control of its systems, including resetting passwords and hiring cybersecurity experts.

Affected companies have taken varying stances on the extent of the breach. 

Barry Plant emphasised that the attack was confined to its Blackburn office, with its broader systems remaining secure. Strata Plan disputed the hackers' claim of data theft, asserting that its data remained secure due to existing precautionary measures. Tisher Liner FC Law is still investigating the matter.

TissuPath, on the other hand, confirmed that patient request forms from 2011 to 2020 had been released by the hackers on the dark web, amounting to 446 gigabytes of data or over 735,000 files. 

The leaked files include clinical notes and health history information. The breach is believed to have occurred through Core Desktop, marking it as a supply-chain attack.

Australian cybersecurity experts have characterised AlphV as one of the most active and sophisticated Russia-based ransomware gangs. 

The group's actions mirror a broader trend of cybercriminals targeting Australian businesses in recent years.

TissuPath says it has reported the breach to the relevant authorities, including the Office of the Australian Information Commissioner, the Australian Cyber Security Centre, Victoria Police, NSW Police, and Home Affairs. 

The company stressed that its main database for patient diagnoses remained uncompromised, and it did not store financial details or other sensitive personal information.

Despite the Russian connection, it is important to note that the gang operates a ransomware-as-a-service model, allowing affiliates from around the world to use its tools and infrastructure for extorting companies.