Australian logistics firm investigates ransomware claims on systems

Government data shows frequent ransom payments by Australian firms

By Roxanne Libatique

Australian logistics firm B dynamic Logistics is investigating claims by the Qilin ransomware-as-a-service group that it has compromised the Australian company’s systems, in a case with implications for cyber insurers and brokers.

B dynamic Logistics investigates reported cyber incident

The Kemps Creek, New South Wales-based logistics firm was listed by Qilin on Dec. 1, according to Cyber Daily. The threat group has not publicly released data or technical details relating to B dynamic Logistics, but the company has started its incident response process and is reviewing the claims. “B dynamic Logistics is aware of the situation, and we are currently investigating the matter with support from our IT staff. As this investigation is ongoing, we are unable to provide specific details at this stage,” B dynamic Logistics chief information officer Suranthe de Silva told Cyber Daily.

The firm said it has triggered its cyber incident response procedures, focusing on verifying whether Qilin’s assertions are accurate and whether any systems or information have been affected. “We are taking steps to ensure the security and continuity of our operations. We will also engage with the appropriate authorities and will provide any required notifications in accordance with Australian regulatory obligations,” de Silva said. He added: “As the investigation is still in progress, and we do not want to compromise evidence or the integrity of our response, we are not yet in a position to answer detailed questions regarding timing, scope, or potential data impact. We will share further information with staff, clients, and stakeholders as soon as it is appropriate to do so.”

Government data points to frequent ransom payments

The B dynamic Logistics investigation comes as the federal government collects new data on how often Australian businesses pay cyber ransoms under a mandatory disclosure framework. Since May 30, entities with annual turnover above $3 million have been required to inform the federal government if they make a ransom payment following a cyber extortion event. In that time, 66 businesses have reported that they paid a ransom, according to figures cited by 9News.

Home Affairs Minister Tony Burke said authorities believe the real number of payments is higher than what has been disclosed so far. “We suspect we’re still not getting everybody. This is a really good start, but we still work on the basis that some people are not yet reporting. It’s not simply a legal obligation to report; it’s also completely in their interests,” Burke told 9News. He identified Russian crime groups as a key source of ransomware activity affecting Australian organisations, alongside actors based in China, Iran, and North Korea.

Officials warn of risks in paying ransoms

National Cyber Security Coordinator Michelle McGuinness has reiterated that paying ransoms continues to support ongoing cybercrime activity, even though such payments are not illegal in Australia. She noted that there are limited scenarios in which organisations may view payment as a last resort, particularly where systems underpin essential services. “There are a small number of scenarios where a system may be connected to a piece of equipment that might be supporting life and death, providing power, providing water. So, there are some unique circumstances where you could envisage that it could have significant impacts if it took you any longer to remediate those systems – so paying might bring you a little bit of speed,” McGuinness told 9News.

McGuinness cautioned that paying does not ensure that data will be destroyed or withheld from publication. “We’re dealing with criminals, so we can’t trust that they’re going to be honest. We know they have data. They may give back a copy, but we’ve also seen criminals and other criminals then exploit further the data. Those who pay a ransom really illuminate themselves as a target, as being a payer, and so many of them are retargeted and have to pay again,” she said.

Corporate behaviour and insurance considerations

Melbourne-based lawyer Cameron Whittfield, a cyber specialist at HSF Kramer, said only a minority of large organisations that experience a ransomware incident ultimately make a payment, estimating that proportion at less than one-third. “Those that pay are probably more likely to pay if they’ve got an operational or asset integrity issue rather than a data issue, because the data has already left the building by the time that extortion demand arrives. And so, what you’re paying for is something which is relatively intangible, which is basically a commitment from a threat actor to not disclose or delete that data. Now that can occur whether or not you’re critical infrastructure or a hospital or electricity distribution or something similar, or it could be just an everyday business, a small, medium business, which just relies on continuity,” Whittfield said.

According to 9News, ransom demands directed at larger companies often fall in the range of hundreds of thousands to millions of dollars. For insurance buyers, the scale of demands has implications for the adequacy of cyber limits, the structure of extortion sub-limits, the choice of panel vendors, and policy conditions governing engagement with threat actors and incident response decision-making. Burke said: “A lot of the reports we’ve had have been from Russian gangs, but no matter what country it’s from, they’ve all got one thing in common: they’re criminals, they’re not trustworthy, and they’re not going to act in people’s interests.”
