The Northern Territory Government was impacted by a ransomware attack against its third-party cloud-based IT system supplier.
The compromised third-party vendor, which at this point remains undisclosed, was forced offline after the cyberattack, causing NT government systems to become unavailable for three weeks while remediation efforts were undertaken.
The NT Department of Corporate and Digital Development (DCDD) said in a statement that a supplier to the NT Government was “ransomwared.”
A ransomware attack is a type of cyber attack where a victim’s sensitive data is breached, encrypted, and held hostage, only to be released if a set ransom price is paid. After making a ransom payment, victims are promised a decryption key to decrypt all of their seized data.
The compromised third-party vendor avoided paying the ransom and restored its systems using backup copies, in line with its incident response plan.
This incident is a harrowing echo of the devastating U.S. Government supply chain attack in December 2020, and further highlights the importance for organizations to institute a third-party due diligence solution to protect themselves against compromised vendors.
The DCDD said that the confidentiality and integrity of NT government data was not compromised in the breach.
This incident comes less than two years after the NT Government invested $1.5 million into strengthening the territory’s cybersecurity posture.