Avaddon hackers steal Telstra SIM card data and demand ransom


The ransomware gang Avaddon claims to have hacked an Australian mobile phone dealer, Schepisi Communications, and is threatening to dump a large cache of stolen data unless a ransom is paid.

The threat comes after Avaddon published a sample of the stolen data on its leak website and gave the company until early next week to cooperate. According to Avaddon’s leak site, the gang claims to have a “large amount of data on mobile devices, tens of thousands of SIM cards and a lot of information for them, financial information, contracts, banking information and more.”

The ransomware demand posted on Avaddon's data leak page

Avaddon has published a sample of the stolen data showing mobile phone connection plans, SIM card information, transaction data, mobile service contracts, and financial invoices. The attack also appears to be multipronged. Not only was the data stolen, but Avaddon claims to have encrypted the company’s data, which can only be decrypted using Avaddon’s purpose-built decrypter. In addition, Avaddon is threatening to attack Schepisi’s website with a DDoS attack.

The Melbourne-based Australian company is an accredited Telstra Platinum partner that provides a one-stop shop for mobile products, cloud services, data, and networking. Schepisi also offers services to migrate clients’ business data to Telstra’s cloud services. “A Telstra cloud service eliminates the need for businesses to have their own servers because all business data is stored in virtual servers online,” according to Schepisi’s website.

Schepisi’s company website has gone offline after the attack and, as of the time of publishing, is showing an offline message:

Schepisi's website is showing as offline after the attack

Telstra has confirmed that there has been a breach of one of its dealers. “We’ve been in contact with the dealer and been told some ‘high level’ Telstra business customer information, such as mobile phone numbers, may have been accessed from its order fulfilment system,” a Telstra spokesperson said.

Although Telstra doesn’t believe any sensitive personal information was included, some of the sample documents leaked on Avaddon’s site suggest customer names, phone numbers, and addresses are part of the stolen data.

Sample data from the Avaddon data leak website

Avaddon first spotted in June 2020

The ransomware gang Avaddon first appeared in June 2020, when it began demanding small ransoms of $150 – $300 in bitcoin to get files back. It seems the group has expanded its cybercrime operations and is now targeting larger organizations in the hope of substantial ransom amounts.

Avaddon’s addition of data leaking mirrors tactics employed by other ransomware gangs. Threatening to leak sensitive data follows a well-established path of escalation designed to increase the psychological pressure on victims to pay the ransom.

The Cyber Security Herald has reached out to Avaddon for more information but has not yet received a response.
