The need for ultra-vigilance in Cyber Security is highlighted by a Cyber Ransomware attack on one of Australia's (and Pacific region) leading print groups - TMA Group, who are themselves leading security printers, acquired by Anthony Karam in 2008.
TMA's smart new Headquarters
According to www.cyberdaily.au , the data breach is in the order of a massive 1.1 terrabytes. Responding to Cyber Daily, TMA revealed that it had suffered a partial outage and that unauthorised access had occured. TMA is a success story in Australian security, ticket and commercial printing, having acquired several printing companies along the way, including Spot Press' heatset arm, POS printer Label Press, PressFast, Premier Linerless Label printers, packaging and incorporating Mark Sensing thermal printing used in lottery tickets, POS terminals, parking station and other ticketing applications.
TMA delivers services that include airlines, airports, FMCG, manufacturing, higher education, telecoms, government, packaging and more, according to cyberdaily's report.
On Monday 14th April, TMA was listed on a 'Dark Web' leak site by an entity named as Sarcoma, as having exfiltrated the 1.1 Tb of sensitive data, which could potentially include budget documents, passport scans and other confidential documents. Such scams typically demand a sum of money as ransom to release the data and Sarcoma has notified TMA of a 48-hour period in which to pay the ransom, if it chooses to do so. However, reports are that TMA is on top of the situatuation and that printing operations are unaffected.
Australian Cyber Security magazine reports that 'Sarcoma' - best described as a gang of criminals - is targeting Australian Companies right now. Other companies alleged to have been attacked include: Road Distribution Services WA, Perfection Fresh, the Plastic Bag Company and Meshworks (wire mesh, not fencing & construction printed mesh). The location of Sarcoma is unclear but early indications are that it might be based in Eastern Europe.
What is Ransomware?
Ransomware is a type of malicious software that once installed onto a device or networks, encrypts the data and files, making them
unusable. Cybercriminals use ransomware to extort payments from victims in exchange for the recovery of, and ability to regain access to the encrypted data. This publication knows of cases where Australian print-related companies have been targetted - and have paid the ransom to continue in business.
On the upside, the AFP, cooperating with international Police forces, has had some success in tracking down these gangs and writing decryption reversal software. One such example is on THIS LINK
Back to TMA Group, the company has offices in Australia, NZ, USA and the Philippines. For some years TMA has been involved in a legal fight with an arm of the Philippines government - the Philippine Charity Sweepstakes Office- who had promised to be a j.v. partner in a $100 million thermal label printing operation with TMA. The Sarcoma attack appears to be largely focused on the Philippines operations of TMA, but may have repercussions across the Group.
All companies large and small should regularly audit and update cyber-security and immediately take action if any suspicious activity is taking place.
If you believe you are a victim of ransomware or any other cybercrime, report it to ReportCyber. If there is an imminent threat to your safety, call 000.
