Mining services company Goodline has suffered a cyber-attack which saw the company locked out of some of its own computer systems for close to three weeks and more than 600GB of data stolen.
Mining services company Goodline has suffered a cyber-attack which saw the company locked out of some of its own computer systems for close to three weeks and more than 600GB of data stolen.
It’s believed the attack first happened in September although the group behind the attack, RansomHub, only claimed responsibility on November 4.
Goodline provides maintenance, transport and logistics, and shut down services for some of Australia’s largest resource companies and operates within the world’s largest bulk export port town of Port Hedland.
Currently headquartered in Queensland, the company has offices in Queensland, the Northern Territory and WA.
Speaking to Business News, Goodline director Catherine Kennedy said a few days after the attack in September, the ransomware group contacted them via email demanding a $1 million ransom.
“Look we’re lucky because what they took seemed to be mostly system files, not sensitive information of our employees or vendors,” she said.
“We've just been head down trying to make the company working again, because it did really grind the company to a halt in all sorts of ways.
“Payroll, payments to creditors, getting invoices out; it really did stop us from working for a few weeks until we moved to the cloud and recovered everything.
“We're 90 per cent back on track again, and probably 10 per cent to go.”
Ms Kennedy said there was “no way” the company could – or would – pay the ransom, and that they had made several changes to their systems since.
“We’ve moved our servers to the cloud, we’ve made sure two factor authentication is required across the board, and we’ve ensured everyone has changed their passwords,” she said.
“There’s no way we were going to pay these criminals – even if we did, who is to say they wouldn’t just attack us again knowing we’d already paid.”
Goodline wasn’t the first WA company to be targeted by the RansomHub group, with two engineering firms - Kempe Engineering and McDowall Affleck - also recently targeted.
RansomHub claims to be an "international consortium" of cyber actors, but its data leak site indicates they avoid targeting companies and infrastructure in Russia, Cuba, North Korea or China.
Data compiled by threat intelligence platform Cyberint, which examined the group's earnings by analysis of its data leak site and tallying the published data posts (indicating victims who refused to pay the ransom), found 160 of 190 victims chose not to pay the ransom.
Of the remaining 30, ten were still in negotiations, indicating some 11.2 per cent of victims had paid a ransom.
It's the latest in a long line of ransomware attacks on WA companies, with groups like Sarcoma, Lynx, Medusa, Meow and Blacksuit all holding WA companies to ransom in the past year.
Some companies targeted include Funlab, who operate Holey Moley mini golf venues; the Harry Perkins Institute, a medical research body; and Compass Group, one of Australia’s largest hospitality operators.
