A Telstra reseller has been affected by ransomware. Image: Shutterstock

Reseller Telstra Schepisi Communications has been taken offline by a ransomware group that supports a Distributed Denial of Service (DDoS) attack on its website.

The Melbourne-based company was featured this week on the dark web leak site of the ransomware group Avaddon, with cybercriminals threatening to release “valuable company documents” if Schepisi does not spit out the ransom.

“We have a large amount of data on mobile devices, tens of thousands of SIM cards and a lot of information for them, financial information, contracts, banking information and much more,” the ransom note reads.

“Also remember that data cannot be decrypted without our general decryptor. And your site will be attacked by a DDoS attack.

Schepisi’s website came back online on Wednesday afternoon. The company did not respond to Information agerequests for comments.

On the leak site are images of internal documents, including a spreadsheet listing phone numbers and their associated identifiers, such as SIM and IMEI numbers, for corporate clients such as Bunnings, Yamaha Australia and Wesfarmers.

A Telstra spokesperson said the attack was isolated from Schepisi’s systems and is not expected to affect Telstra customers.

“We’re getting more information, but we don’t believe any sensitive personal information has been included,” Telstra said.

“Our dedicated cybersecurity team is working closely with the dealership to help them resolve the issue.

“We use strict guidelines on how our partners access and store customer data. No Telstra system was violated in this attack.

^{Schepisi has been affected by the Avaddon ransomware group. Image: provided}

Avaddon strikes again

Schepisi is the third Australian organization to be affected by Avaddon in recent weeks.

Victorian public high school, Newcomb Secondary College, was targeted by the group last week and still has the ransom warning on the Avaddon leak site.

The Victoria Department of Education said it was working with the school to resolve the issue and that its initial investigations show that the files extracted by the extortionists are “not sensitive”.

Newcomb also appears to be suffering the effects of its DDoS attack, with its website currently has a banner stating that this is a “temporary website set up to provide relevant information about the ransomware attack.”

Global architecture firm Farrells has also fallen victim to Avaddon, who presented details of the firm’s Sydney offices on its leaked site.

The company used Cloudfare‘s DDoS protection to mitigate the ongoing attack.

Ever-changing ransom threats

Matthew Westwood-Hill, lead investigator for Australian security firm CyberCX, said Avaddon’s method of shutting down an organization’s website was designed to force them to engage with the group.

“It’s another way of forcing a pressure point – a very public point of view – to bring the victim to the negotiating table,” he said.

“Not only does this impact their network by encrypting and stealing data, but now they’re causing disruption in a much more public way. “

Avaddon is probably exploiting a botnet for its DDoS attacks, using a large number of hacked devices to send requests to the target website.

“People can use services like Cloudfare as a layer of protection to help prevent the automated DDoS attack process,” Westwood-Hill said.

“But sometimes you have to be careful. Obviously, the group of threat actors are watching the DDoS attack and if the victim decides to bypass it then the malicious actors will see this as a certain level of response and could escalate.

If you find yourself attacked by ransomware, Westwood-Hill said, the important thing is not to panic.

“Victims tend to feel very lonely in these situations, but you are not alone,” he said.

“Most of the time you can have the most sophisticated network and security infrastructure and still fall victim to human error. “